thehackernews.com 5/18/2026, 12:12:07 PM · via preferred

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws


Ivanti, Fortinet, SAP, VMware, and n8n have all released security fixes for a range of flaws that could allow unauthenticated attackers to read data, execute code or bypass authentication. The list starts with Ivanti Xtraction CVE-2026-8043 (CVSS 9.6), where an external attacker could read sensitive files and write arbitrary HTML to a web directory, potentially enabling client-side attacks.

Fortinet advisories warn of two critical issues: CVE-2026-44277 (CVSS 9.1) affecting FortiAuthenticator and CVE-2026-26083 (CVSS 9.1) in FortiSandbox and related products, both permitting code execution via crafted requests or missing authorisation. SAP shipped fixes for two vulnerabilities: CVE-2026-34260 (SQL injection, CVSS 9.6) and CVE-2026-34263 (missing authentication check, CVSS 9.6). Onapsis described CVE-2026-34263 as arising from overly permissive security configuration.

Broadcom addressed a VMware Fusion flaw, CVE-2026-41702 (CVSS 7.8), enabling local privilege escalation. Finally, five critical n8n vulnerabilities (CVE-2026-42231, 42232, 44791, 44789, 44790; all CVSS 9.4) could lead to remote code execution or full compromise via prototype pollution and unsafe workflow handling. According to Pathlock, these disclosures underscore the pervasive risk across multiple platforms.


Article by CyberSIXT
