Several major technology vendors, including Ivanti, Fortinet, n8n, SAP, and VMware, have recently issued critical security patches to address vulnerabilities that could allow attackers to bypass authentication and execute arbitrary code. These patches are crucial for organizations to protect their systems from potential exploitation and maintain data integrity.
The most severe flaw reported is a critical vulnerability in Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6), which could lead to information disclosure or client-side attacks. Affecting versions prior to 2026.2, this flaw allows a remote authenticated attacker to read sensitive files and write arbitrary HTML to a web directory, as stated by Ivanti in its advisory. This highlights the ongoing need for prompt patch management in enterprise software.
Critical Vulnerabilities Addressed by Major Vendors
Fortinet has released advisories for two critical security shortcomings impacting its FortiAuthenticator and FortiSandbox products. These vulnerabilities, both carrying a CVSS score of 9.1, could lead to code execution. CVE-2026-44277 in FortiAuthenticator allows an unauthenticated attacker to execute unauthorized code or commands through crafted requests due to improper access control. Similarly, CVE-2026-26083 in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI suffers from a missing authorization issue, enabling unauthenticated attackers to execute unauthorized code or commands via HTTP requests.
SAP has also been proactive in patching two critical vulnerabilities, each with a CVSS score of 9.6. CVE-2026-34260, an SQL injection vulnerability within SAP S/4HANA, could be exploited to impact the confidentiality and availability of the application by injecting malicious SQL statements. Pathlock noted that this vulnerability allows a low-privileged, authenticated attacker to expose sensitive database information and potentially crash the application. The second critical flaw, CVE-2026-34263, involves a missing authentication check in SAP Commerce cloud configuration. Onapsis described this as an overly permissive security configuration that permits an unauthenticated user to perform malicious configuration uploads and code injection, leading to arbitrary server-side code execution.
VMware, now under Broadcom, has released a patch for a high-severity flaw (CVE-2026-41702, CVSS score: 7.8) in VMware Fusion. This vulnerability, addressed in version 26H1, is a time-of-check to time-of-use (TOCTOU) race condition occurring during operations performed by a SETUID binary. Broadcom warned that a malicious actor with local non-administrative privileges could exploit this to escalate privileges to root on the system hosting Fusion.
The workflow automation platform n8n is also addressing a set of five critical vulnerabilities, each with a CVSS score of 9.4. These include prototype pollution flaws in its webhook handler and XML Node, allowing authenticated users with workflow modification permissions to achieve remote code execution. Specifically, CVE-2026-42231 affects the xml2js library, while CVE-2026-42232 involves global prototype pollution via the XML Node. CVE-2026-44791 acts as a bypass for CVE-2026-42232. Additionally, CVE-2026-44789 permits global prototype pollution via an unvalidated pagination parameter in the HTTP Request node, and CVE-2026-44790 allows an authenticated user to inject CLI flags on the Git node’s Push operation, potentially enabling attackers to read arbitrary files from the n8n server, leading to full compromise.
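As an added illustration of the prototype pollution class behind the n8n entries above (constructed example code, not n8n's code and not the specific flaws listed), this shows a naive recursive merge of parsed untrusted input beside a hardened version and an input-boundary check that a webhook handler could run before merging. The payload, key names and function names are assumptions made for the demo.

```javascript
// Constructed illustration of prototype pollution; not n8n's code or the actual CVE logic.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive recursive merge: target['__proto__'] resolves to Object.prototype, so a parsed
// "__proto__" key lets untrusted input write properties onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: drop keys that reach the prototype chain and only recurse into
// the target's own properties, never into inherited ones.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    if (isPlainObject(source[key]) && hasOwn(target, key) && isPlainObject(target[key])) {
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Input-boundary check: dotted paths of dangerous keys in parsed untrusted data, so a
// webhook handler or node can reject and log the request before anything is merged.
function findDangerousKeys(value, path = '') {
  if (!isPlainObject(value)) return [];
  return Object.keys(value).flatMap((key) => {
    const here = path ? `${path}.${key}` : key;
    const nested = findDangerousKeys(value[key], here);
    return DANGEROUS_KEYS.has(key) ? [here, ...nested] : nested;
  });
}
// Merge a made-up hostile payload with mergeFn and report whether an unrelated object
// picked up "isAdmin"; Object.prototype is cleaned afterwards so the check is repeatable.
function pollutesGlobalPrototype(mergeFn) {
  const untrusted = JSON.parse('{"page": 2, "__proto__": {"isAdmin": true}}');
  mergeFn({ page: 1 }, untrusted);
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return leaked;
}
```

`pollutesGlobalPrototype(unsafeMerge)` returns true and `pollutesGlobalPrototype(safeMerge)` returns false; `findDangerousKeys` is the check to run on any parsed request body before it reaches a merge.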
Broader Security Landscape and Patching Efforts
Beyond these specific vendors, a comprehensive list of security updates has been issued by numerous other organizations over recent weeks. This extensive list includes security patches from ABB, Adobe, Amazon Web Services, AMD, Apple, ASUS, Atlassian, Axis Communications, AVEVA, Canon, Cisco, CODESYS, ConnectWise, Dell, Devolutions, Drupal, F5, Fortra, Foxit Software, Fujitsu, GitLab, GnuTLS, Google (Android, Pixel, Chrome, Cloud), Grafana, Hikvision, Hitachi Energy, Honeywell, HP, HP Enterprise (including Aruba Networking and Juniper Networks), Huawei, IBM, Intel, Jenkins, Lenovo, various Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Meta (WhatsApp), Microsoft, Mitel, Mitsubishi Electric, MongoDB, Moxa, Mozilla (Firefox, Firefox ESR, Thunderbird), NVIDIA, OPPO, Palo Alto Networks, Phoenix Contact, Phoenix Technologies, Progress Software, QNAP, Qualcomm, React, Ricoh, Samsung, Schneider Electric, Siemens, Sophos, Spring Framework, Supermicro, Synology, Tenable, TP-Link, WatchGuard, Zoom, and Zyxel. This widespread activity underscores the dynamic nature of cybersecurity threats and the continuous effort required from vendors to secure their products.
The ongoing release of security patches by a broad spectrum of technology providers indicates a persistent challenge in safeguarding software and systems against sophisticated cyber threats. Organizations worldwide are urged to prioritize the timely application of these updates to mitigate risks. The next steps for affected users involve diligently applying the released patches from Ivanti, Fortinet, SAP, VMware, and n8n to protect their environments from exploitation. Continued vigilance and a robust patch management strategy remain essential in the evolving cybersecurity landscape.