Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, SAP, VMware, and n8n release critical patches for RCE, SQL injection, and privilege escalation flaws — including CVSS 9.6 vulnerabilities. Update now.
What’s new: Ivanti, Fortinet, SAP, VMware, and n8n have released patches addressing critical vulnerabilities, including remote code execution (RCE), SQL injection, and privilege escalation flaws. Key vulnerabilities include Ivanti Xtraction (CVE-2026-8043, CVSS 9.6), Fortinet’s FortiAuthenticator (CVE-2026-44277, CVSS 9.1), SAP S/4HANA (CVE-2026-34260, CVSS 9.6), and multiple critical issues in n8n (CVE-2026-42231, CVSS 9.4). These vulnerabilities could allow unauthorized access, code execution, or data exposure.
Who’s affected
Organizations using Ivanti Xtraction, Fortinet FortiAuthenticator, FortiSandbox, SAP S/4HANA, SAP Commerce Cloud, VMware Fusion, and n8n versions prior to the latest patches are at risk.
What to do
- Update Ivanti Xtraction to version 2026.2 or later to mitigate CVE-2026-8043.
- Patch FortiAuthenticator to versions 6.5.7, 6.6.9, or 8.0.3; FortiSandbox to versions 4.4.9 or 5.0.2.
- Apply SAP security updates for CVE-2026-34260 and CVE-2026-34263.
- Upgrade VMware Fusion to version 26H1 to address CVE-2026-41702.
- Update n8n to versions 1.123.32, 2.17.4, or 2.18.1 to fix multiple CVE-2026 vulnerabilities.
