Several major technology companies including Ivanti, Fortinet, SAP, VMware, and n8n have released urgent security patches after researchers discovered multiple dangerous vulnerabilities in their products. The reported flaws include Remote Code Execution, SQL Injection, privilege escalation, authentication bypass, and arbitrary file access issues. Security experts are advising organizations to update affected systems immediately to avoid possible cyberattacks. Many of the vulnerabilities received critical severity ratings because attackers could potentially exploit them to compromise enterprise environments.

Ivanti fixed a critical vulnerability in Ivanti Xtraction identified as CVE-2026-8043 with a CVSS score of 9.6. Researchers said the flaw could allow attackers to read sensitive files, write malicious HTML files, and launch client-side attacks against users. The vulnerability affects versions before 2026.2 and has been classified as highly dangerous due to the level of access it may provide. Ivanti also addressed additional issues in Endpoint Manager involving SQL Injection and privilege escalation vulnerabilities.

The vulnerabilities in Ivanti Endpoint Manager could potentially allow attackers to gain unauthorized access or even execute malicious code on targeted systems. Security researchers warned that such flaws are especially dangerous in enterprise environments where Endpoint Manager products are widely used for device administration. If exploited successfully, attackers may be able to move further inside a network and access sensitive company resources. Organizations using affected versions were strongly advised to apply the available security updates without delay.

Fortinet also released patches for two critical vulnerabilities affecting FortiAuthenticator and multiple FortiSandbox products. One of the flaws, tracked as CVE-2026-44277, could allow an unauthenticated attacker to execute unauthorized code through specially crafted requests. Another issue, CVE-2026-26083, involved a missing authorization weakness that could lead to remote code execution through HTTP requests. Both vulnerabilities received high CVSS severity scores of 9.1 due to the potential impact on enterprise security systems.

Researchers warned that successful exploitation of the Fortinet vulnerabilities could provide attackers with significant access inside corporate networks. The affected products are commonly used in cybersecurity infrastructure, making the flaws particularly concerning for organizations worldwide. Fortinet confirmed that patches have been released for affected systems and urged customers to update immediately. Security experts also recommended reviewing logs and monitoring systems for suspicious activity following the disclosure of the vulnerabilities.

SAP addressed two critical vulnerabilities affecting SAP S/4HANA and SAP Commerce Cloud. The first vulnerability, CVE-2026-34260, is a SQL Injection flaw that could allow attackers to inject malicious database commands and access sensitive information. The second issue, CVE-2026-34263, involves a missing authentication check that may allow attackers to upload malicious configurations and potentially achieve remote code execution. Both flaws received critical severity ratings of 9.6 due to the risks they pose to enterprise environments.

VMware, owned by Broadcom, patched a high-severity privilege escalation vulnerability in VMware Fusion identified as CVE-2026-41702. Researchers described the issue as a Time-of-check Time-of-use vulnerability involving a SETUID binary. According to the advisory, a local attacker could exploit the flaw to gain root-level privileges and take control of affected systems. VMware confirmed that the vulnerability was fixed in VMware Fusion version 26H1 and advised users to update affected installations quickly.

Workflow automation platform n8n also fixed several critical vulnerabilities with CVSS scores reaching 9.4. The reported flaws included prototype pollution, arbitrary file access, and remote code execution vulnerabilities that could potentially lead to full server compromise. Researchers warned that authenticated users with workflow permissions might exploit the issues to take control of the n8n host server. Security experts said the incidents once again highlight the growing risks facing enterprise software and the importance of timely patch management.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news