CVE-2026-8043

critical

Description

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

References

References
More

https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html

https://www.securityweek.com/fortinet-ivanti-patch-critical-vulnerabilities/

https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-8043?language=en_US

Details

Source: Mitre, NVD

Published: 2026-05-12

Updated: 2026-05-13

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.6

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00091