Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.

Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026–8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks.

“External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks,” Ivanti said in an advisory.