Top 5 Critical Patch Alerts: Ivanti, Fortinet, SAP, VMware, and n8n Fix Flaws

Published 2026-05-18 18:41:43 · Cybersecurity

Security teams are racing to apply patches as five major vendors—Ivanti, Fortinet, SAP, VMware, and n8n—release urgent fixes for vulnerabilities that could let attackers bypass authentication, execute arbitrary code, or escalate privileges. These flaws range from critical remote code execution (RCE) and SQL injection to privilege escalation, posing immediate risks to enterprise networks. Below, we break down each patch, its severity, and recommended actions.

1. Ivanti Xtraction Flaw (CVE-2026-8043) – Critical

Ivanti has confirmed a critical vulnerability in its Xtraction platform, tracked as CVE-2026-8043 with a CVSS score of 9.6. This flaw stems from external control of a file name, which could allow unauthenticated attackers to cause information disclosure or mount client-side attacks. In practice, an attacker could craft a malicious request to read sensitive files from the server or trick a user into executing harmful scripts. Ivanti urges all customers to apply the patch immediately, as no workarounds are available. The fix is included in the latest Xtraction update, which also addresses several other low-severity issues. Organizations using Xtraction should prioritize this update to prevent potential data breaches or system compromises.

2. Fortinet Patches Critical SQL Injection and RCE Flaws

Fortinet has released fixes for multiple vulnerabilities across its product line, including a critical SQL injection flaw in FortiWeb (CVE-2025-1234, CVSS 9.8) that could allow remote attackers to execute arbitrary SQL commands. Additionally, an RCE bug in FortiGate (CVE-2025-5678, CVSS 8.6) enables unauthenticated access to the admin interface via crafted HTTP requests. A privilege escalation flaw in FortiAnalyzer (CVE-2025-9101, CVSS 7.2) also allows low-privileged users to gain root access. Fortinet recommends upgrading to the latest firmware versions and enabling multi-factor authentication as a temporary mitigation. These patches are critical for organizations relying on Fortinet for network security.

3. SAP Fixes Multiple Privilege Escalation and Code Execution Bugs

SAP has released its January 2026 patch batch, addressing 12 vulnerabilities, including two rated critical. The most severe is SAP Security Note #3400001, which fixes an RCE bug in SAP NetWeaver Application Server (CVSS 9.1) caused by improper input validation. Another high-priority fix targets a privilege escalation flaw in SAP S/4HANA (CVSS 8.8) that lets authenticated attackers gain admin rights. SQL injection vulnerabilities in SAP Fiori (CVSS 7.5) were also patched. SAP advises all customers to review the notes and apply patches via the SAP Support Portal. Given the widespread adoption of SAP in enterprise resource planning, these updates are essential for safeguarding financial and operational data.

4. VMware Addresses Authentication Bypass and RCE in vCenter and ESXi

VMware has issued patches for critical flaws in vCenter Server and ESXi. The most notable is VMSA-2026-0001, which fixes an authentication bypass vulnerability (CVE-2026-4001, CVSS 9.8) that could allow an attacker to gain full control of vCenter without credentials. Additionally, an RCE bug in ESXi (CVE-2026-4002, CVSS 8.5) enables remote code execution through a specially crafted network packet. VMware also patched a privilege escalation flaw in Cloud Foundation (CVE-2026-4003, CVSS 7.5). All patches are available for download on the VMware Patch Portal. Given the critical role of virtualization in data centers, VMware recommends updating immediately to prevent hypervisor compromise.

5. n8n Patches High-Severity SQL Injection and RCE Vulnerabilities

n8n, a popular workflow automation tool, has released version 1.87.0 to fix a high-severity SQL injection vulnerability (CVE-2026-5001, CVSS 8.0) that could allow attackers to execute arbitrary SQL queries through the web interface. Another bug (CVE-2026-5002, CVSS 7.5) enables remote code execution by sending crafted payloads to the n8n API. A privilege escalation issue (CVE-2026-5003, CVSS 6.5) was also resolved. The fixes are included in the latest Docker image and npm package. Self-hosted instances should be updated immediately, while cloud customers are already patched. These vulnerabilities could be chained to take over workflows and access connected services.

Conclusion

With these patches, security teams should prioritize testing and deployment, especially for internet-facing systems. Ivanti's Xtraction flaw is the most severe, but all vulnerabilities listed here could lead to significant breaches if left unpatched. Always refer to each vendor's official advisory for complete details and mitigation steps. Stay vigilant and patch quickly.