Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws — Ravie LakshmananMay 18, 2026Vulnerability / Software Security [htt
What’s new: Ivanti, Fortinet, SAP, VMware, and n8n have released patches for critical vulnerabilities. Key issues include a critical RCE flaw in Ivanti Xtraction (CVE-2026-8043, CVSS 9.6), vulnerabilities in Fortinet products allowing unauthorized code execution (CVE-2026-44277, CVE-2026-26083, both CVSS 9.1), and SQL injection vulnerabilities in SAP S/4HANA (CVE-2026-34260, CVSS 9.6). VMware Fusion has a local privilege escalation flaw (CVE-2026-41702, CVSS 7.8), and n8n has multiple critical vulnerabilities allowing remote code execution (CVE-2026-42231, CVE-2026-42232, CVE-2026-44791, CVE-2026-44789, CVE-2026-44790, all CVSS 9.4).
Who’s affected
Organizations using Ivanti Xtraction, Fortinet’s FortiAuthenticator and FortiSandbox, SAP S/4HANA, VMware Fusion, and n8n versions prior to the latest patches are at risk.
What to do
- Update Ivanti Xtraction to version 2026.2 or later.
- Patch FortiAuthenticator (versions 6.5.7, 6.6.9, 8.0.3) and FortiSandbox (versions 4.4.9, 5.0.2, Cloud version 5.0.6, PaaS versions 4.4.9, 5.0.2).
- Apply SAP security updates for CVE-2026-34260 and CVE-2026-34263.
- Upgrade VMware Fusion to version 26H1.
- Update n8n to versions 1.123.32, 2.17.4, 2.18.1, 1.123.43, 2.20.7, or 2.22.1 as applicable.
