> TritonInfoSec News
Home / May 19, 2026 / Story
0
#8 The Hacker News general May 18, 2026 at 10:54 UTC

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

By [email protected] (The Hacker News)

AI Summary

Ivanti, Fortinet, SAP, VMware, and n8n released patches addressing multiple critical vulnerabilities including CVE-2026-8043 (CVSS 9.6) in Ivanti Xtraction, which enables information disclosure and client-side attacks via external file name control. Additional flaws across the five vendors cover RCE, SQL injection, authentication bypass, and privilege escalation. Organizations running any of these products should prioritize patching given the severity scores and breadth of affected enterprise software.

Read full article → https://thehackernews.com/2026/05/ivanti-fortinet-…

Relevance score: 82.0/100

# More from May 19

  1. 1
    CISA Admin Leaked AWS GovCloud Keys on Github Krebs on Security
  2. 2
    Microsoft Exchange Zero-Day Under Attack, No Patch Available Dark Reading
  3. 3
    Grafana Confirms Breach After Hackers Claim They Stole Data SecurityWeek
  4. 4
    MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems The Hacker News
  5. 5
    Zero-Day Exploit Against Windows BitLocker Schneier on Security
  6. 6
    Exploitation of Critical NGINX Vulnerability Begins SecurityWeek
  7. 7
    Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 BleepingComputer
  8. 9
    Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware The Hacker News
  9. 10
    7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand SecurityWeek