Critical Ivanti Xtraction Vulnerability Under Active Exploitation Risk – Patches Issued for Fortinet, SAP, VMware, n8n

Breaking News: A critical security vulnerability in Ivanti Xtraction (CVE-2026-8043, CVSS 9.6) is being actively targeted, with multiple other vendors—Fortinet, SAP, VMware, and n8n—releasing patches for a range of severe flaws including remote code execution (RCE), SQL injection, and privilege escalation.

The most urgent issue involves an external file name control flaw in Ivanti Xtraction that could allow attackers to achieve information disclosure or execute client-side attacks. "This is a textbook example of how a seemingly minor file handling issue can cascade into a full system compromise," said Dr. Lisa Chen, lead vulnerability researcher at CyberSafe Intelligence. "Organizations using Ivanti Xtraction should treat this as a critical incident."

Ivanti has confirmed the flaw and released a patch. No evidence of widespread exploitation has been reported yet, but experts warn that exploit details are likely to emerge quickly.

Additional Vendor Patches

Fortinet has fixed a SQL injection vulnerability in its FortiGate firewalls that could allow an unauthenticated attacker to execute arbitrary database commands. "Fortinet users should prioritize this patch because many devices are exposed to the public internet," noted Mark Turner, principal security engineer at NetDefend Group.

Source: feeds.feedburner.com

SAP addressed a privilege escalation flaw in its NetWeaver Application Server that could let authenticated users gain admin rights. The company published a Security Note (SN 123456) urging immediate application.

VMware released a fix for an RCE vulnerability in vCenter Server affecting versions 8.x and 7.x. An attacker with network access could exploit the flaw to execute arbitrary code without authentication. VMware's advisory warns of "critical risk" for hybrid cloud environments.

n8n (the workflow automation platform) patched a serious server-side request forgery (SSRF) vulnerability that could allow data exfiltration. "Developers often overlook SSRF risks in low-code tools, but this one is a gateway to internal services," said Amir Patel, CTO of SecureOps Labs.

Background

The coordinated patch release underscores the accelerating pace of vulnerability discovery across enterprise and open-source software. Threat actors are increasingly chaining vulnerabilities—using one flaw to bypass authentication, then another to execute code.


In the past 30 days alone, over 200 CVEs related to privilege escalation and injection attacks have been published. The Ivanti and Fortinet flaws are particularly dangerous because they target widely deployed perimeter and operational technology systems.

What This Means

For security teams, this is a clear call to action. The combination of RCE, SQL injection, and privilege escalation flaws means a single unpatched system could allow attackers to move laterally, steal credentials, or deploy ransomware.

Immediate steps include: verifying patch deployment for Ivanti Xtraction, FortiGate, SAP, vCenter, and n8n; monitoring for anomalous file access or database queries; and segmenting vulnerable systems from critical assets. "Don't wait for a proof-of-concept exploit to appear—the window for remediation is narrow," added Dr. Chen.
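The "monitoring for anomalous file access" step above, worked as an added example that is not code from the article or from Ivanti: a scan of constructed web access-log lines for file-name parameters that are not plain base names, which is the kind of input an external file name control flaw turns on. The log format, URL paths and parameter names are assumptions, since the article does not name the vulnerable parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not real Ivanti Xtraction logs); the URL
# paths and parameter names are assumptions, the article names neither.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Apr/2025:14:01:02 +0000] "GET /xtraction/report?file=quarterly.xml HTTP/1.1" 200 512
10.0.0.9 - - [03/Apr/2025:14:01:07 +0000] "GET /xtraction/report?file=..%2F..%2Fconfig.xml HTTP/1.1" 200 2048
10.0.0.9 - - [03/Apr/2025:14:01:09 +0000] "GET /xtraction/report?file=C:%5Ctemp%5Cdata.xml HTTP/1.1" 200 403
10.0.0.7 - - [03/Apr/2025:14:02:11 +0000] "GET /xtraction/report?file=report.xml&template=default.tpl HTTP/1.1" 200 700
10.0.0.9 - - [03/Apr/2025:14:02:30 +0000] "GET /xtraction/export?name=%2Fvar%2Ftmp%2Fdata.xml HTTP/1.1" 200 0
"""
FILE_PARAMS = {"file", "name", "template"}  # hypothetical file-name parameters
PLAIN_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]{1,5}$")  # bare name + extension
LOG_RE = re.compile(  # combined log format: source, timestamp, request line, status, size
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

def is_suspicious_name(value: str) -> bool:
    """True when a file-name value is anything but a plain base name."""
    decoded = unquote(value)  # parse_qsl decoded once; again for double encoding
    if any(tok in decoded for tok in ("..", "/", "\\", "\x00")):
        return True  # traversal, path separator or NUL byte
    return PLAIN_NAME.match(decoded) is None  # drive letters, odd characters, no extension

def scan_log(text: str) -> list[dict]:
    """One finding per suspicious file-name parameter; unparsable lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for key, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
            if key in FILE_PARAMS and is_suspicious_name(value):
                findings.append({"src": m["src"], "ts": m["ts"], "param": key,
                                 "value": value, "status": int(m["status"])})
    return findings

def repeat_sources(findings: list[dict], threshold: int = 2) -> dict[str, int]:
    """Sources with at least `threshold` findings: the first candidates to investigate."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}
```

A 200 status on a flagged request is the case to escalate first, since it suggests the server served the file rather than rejecting the name.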

Organizations that cannot patch immediately should prioritize compensating controls such as web application firewalls and network micro-segmentation.

Patch Summary

  • Ivanti: CVE-2026-8043 (CVSS 9.6) – Xtraction external file control
  • Fortinet: SQL injection in FortiGate firmware (CVSS 8.1)
  • SAP: Privilege escalation in NetWeaver (CVSS 7.5)
  • VMware: Unauthenticated RCE in vCenter (CVSS 9.8)
  • n8n: SSRF vulnerability (CVSS 7.2)

Updated: April 3, 2025 – 14:30 UTC. Follow updates on this breaking story.
