Ivanti, Fortinet, n8n, SAP, and VMware released patches this week for multiple critical vulnerabilities allowing remote code execution, SQL injection, and privilege escalation attacks.
Ivanti Xtraction faces the most severe threat. CVE-2026-8043 carries a CVSS score of 9.6 and stems from external control of file names. Attackers can exploit this flaw to achieve information disclosure or launch client-side attacks. The vulnerability requires minimal complexity and no authentication, which makes it readily exploitable.
Fortinet patched remote code execution flaws in FortiOS and other products. These vulnerabilities expose firewall and security appliance deployments to unauthenticated attackers who can execute arbitrary commands with system privileges. Organizations running older FortiOS versions face elevated risk.
n8n, the open-source workflow automation platform, addressed a critical SQL injection vulnerability in its core engine. The flaw permits attackers to extract sensitive database contents, including API keys and credentials stored within automation workflows. Users running self-hosted n8n instances require immediate updates.
SAP addressed privilege escalation issues across multiple enterprise applications. These vulnerabilities allow authenticated users to gain administrative access and modify system configurations without authorization. SAP customers running vulnerable versions should prioritize testing and deployment of available patches.
VMware resolved authentication bypass and remote code execution bugs affecting vSphere and related products. These flaws enable attackers to circumvent login controls and execute code within virtualized environments, potentially compromising entire infrastructure deployments.
Organizations operating these products should inventory affected systems immediately and prioritize patching based on exposure level. Internet-facing instances of Ivanti Xtraction and Fortinet appliances require emergency attention. For SAP and VMware, test and validate patches in staging environments before production rollout to prevent service disruption. n8
