Critical RCE in Ivanti Xtraction (CVE‑2026‑8043) and Related Flaws Across Fortinet, SAP, VMware, n8n Threaten Enterprise Supply Chains
What It Is — A set of high‑severity vulnerabilities disclosed in May 2026 affect Ivanti Xtraction (CVE‑2026‑8043, CVSS 9.6), Fortinet firewalls, SAP applications, VMware virtualization platforms, and the n8n workflow automation tool. The flaws enable authentication bypass, remote code execution, SQL injection, and privilege escalation.
Exploitability — Proof‑of‑concept exploits for the Ivanti RCE have been published; the other vendors released their patches pre‑emptively, indicating active threat interest. CVSS scores range from 7.8 to 9.6.
Affected Products — Ivanti Xtraction, Fortinet FortiGate/FortiOS, SAP NetWeaver, VMware vSphere/ESXi, n8n open‑source automation.
TPRM Impact — Compromise of any of these products can cascade through downstream services, exposing data, disrupting operations, and eroding trust in third‑party vendors that many organizations rely on for endpoint management, network security, ERP, cloud infrastructure, and workflow automation.
Recommended Actions —
- Verify that the latest security patches from each vendor are applied within 48 hours.
- Conduct immediate vulnerability scans on all assets running the listed products.
- Review and tighten network segmentation to limit lateral movement from potentially compromised components.
- Update third‑party risk registers to reflect the new CVE and re‑assess vendor risk scores.
- Monitor threat intel feeds for exploit activity targeting these CVEs.
Source: The Hacker News