The Hacker NewsArchived May 18, 2026✓ Full text saved
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name
Full text archived locally
✦ AI Summary· Claude Sonnet
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ravie LakshmananMay 18, 2026Vulnerability / Software Security
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.
Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks.
"External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks," Ivanti said in an advisory.
Fortinet published advisories for two critical shortcomings affecting FortiAuthenticator and FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that could result in code execution -
CVE-2026-44277 (CVSS score: 9.1) - An improper access control vulnerability in FortiAuthenticator that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. (Fixed in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3)
CVE-2026-26083 (CVSS score: 9.1) - A missing authorization vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. (Fixed in FortiSandbox versions 4.4.9 and 5.0.2, FortiSandbox Cloud version 5.0.6, and FortiSandbox PaaS versions 4.4.9. and 5.0.2)
SAP also shipped fixes for two critical vulnerabilities -
CVE-2026-34260 (CVSS score: 9.6) - An SQL injection vulnerability in SAP S/4HANA
CVE-2026-34263 (CVSS score: 9.6) - A missing authentication check in the SAP Commerce cloud configuration
"The vulnerability is caused by an overly permissive security configuration with improper rule ordering, allowing an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution," Onapsis said about CVE-2026-34263.
On the other hand, CVE-2026-34260 could be exploited by an attacker to inject malicious SQL statements and potentially impact the confidentiality and availability of the application. However, since the affected code only allows read access to data, the vulnerability does not compromise the integrity of the application.
"It allows a low-privileged, authenticated attacker to inject malicious SQL code via user-controlled input, potentially exposing sensitive database information and crashing the application," Pathlock said.
Patches have also been released by Broadcom for a high-severity flaw in VMware Fusion (CVE-2026-41702, CVSS score: 7.8) that could pave the way for local privilege escalation. The issue has been addressed in version 26H1.
"VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary," Broadcom said. "A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed."
Round off the list is a set of five critical vulnerabilities impacting n8n -
CVE-2026-42231 (CVSS score: 9.4) - A vulnerability in the xml2js library used to parse XML request bodies in n8n's webhook handler that allows prototype pollution via a crafted XML payload, enabling an authenticated user with permission to create or modify workflows to achieve remote code execution on the n8n host. (Fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1)
CVE-2026-42232 (CVSS score: 9.4) - An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node, leading to remote code execution when combined with other nodes exploiting the prototype pollution. (Fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1)
CVE-2026-44791 (CVSS score: 9.4) - A bypass for CVE-2026-42232 that could result in remote code execution on the n8n host. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1)
CVE-2026-44789 (CVSS score: 9.4) - An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node, leading to remote code execution on the n8n host. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1)
CVE-2026-44790 (CVSS score: 9.4) - An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, enabling an attacker to read arbitrary files from the n8n server and resulting in full compromise. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1)
Software Patches from Other Vendors
Security updates have also been released by other vendors over the past several weeks to rectify various vulnerabilities, including -
ABB
Adobe
Amazon Web Services
AMD
Apple
ASUS
Atlassian
Axis Communications
AVEVA
Canon
Cisco
CODESYS
ConnectWise
Dell
Devolutions
Drupal
F5
Fortra
Foxit Software
Fujitsu
GitLab
GnuTLS
Google Android and Pixel
Google Chrome
Google Cloud
Grafana
Hikvision
Hitachi Energy
Honeywell
HP
HP Enterprise (including Aruba Networking and Juniper Networks )
Huawei
IBM
Intel
Jenkins
Lenovo
Linux distributions AlmaLinux , Alpine Linux , Amazon Linux , Arch Linux , Debian , Gentoo , Oracle Linux , Mageia , Red Hat , Rocky Linux , SUSE , and Ubuntu
MediaTek
Meta WhatsApp
Microsoft
Mitel
Mitsubishi Electric
MongoDB
Moxa
Mozilla Firefox, Firefox ESR, and Thunderbird
NVIDIA
OPPO
Palo Alto Networks
Phoenix Contact
Phoenix Technologies
Progress Software
QNAP
Qualcomm
React
Ricoh
Samsung
Schneider Electric
Siemens
Sophos
Spring Framework
Supermicro
Synology
Tenable
TP-Link
WatchGuard
Zoom , and
Zyxel
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
cybersecurity, Fortinet, Ivanti, Patch Management, privilege escalation, Prototype Pollution, remote code execution, SQL Injection, Vulnerability
⚡ Top Stories This Week
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Load More ▼
⭐ Featured Resources
[Webinar] Learn How to Handle Critical SOC Alerts With AI Support
[Guide] Stop Email Fraud Before It Turns Into Ransomware Damage
Identify Internal Attack Surfaces More Efficiently With a Free Assessment
[eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk