Zero Day Monitor (ZDM)
CVE-2026-8043 · PATCHED · CVSS 9.6
ivanti · xtraction

CVE-2026-8043: External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read

Description

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| ivanti | xtraction | — |

References

  • https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-8043?language=en_US

Related News (4 articles)

Tier D · The Hacker News · 26d ago
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
→ No new info (linked only)

Tier B · CERT-FR · 31d ago
Multiple vulnerabilities in Ivanti products (13 May 2026)
→ No new info (linked only)

Tier C · VulDB · 32d ago
CVE-2026-8043 | Ivanti Xtraction up to 2026.1 HTML File file inclusion
→ No new info (linked only)

Tier B · CCCS Canada · 32d ago
Ivanti security advisory (AV26-450)
→ No new info (linked only)

CVSS 3.1: 9.6 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 2026.2
CWE: CWE-73
Published: May 12, 2026
Last enriched: 32d ago (v2)
Trending Score: 3
Source articles: 4
Independent: 4
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-10520 · EXP
CVE-2026-10520: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
Trending: 99

HIGH · CVE-2026-6973 · EXP · KEV
CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authentic
Trending: 96

CRITICAL · CVE-2026-10523 · EXP
CVE-2026-10523: An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow
Trending: 70

HIGH · CVE-2026-10727 · EXP
CVE-2026-10727: An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote aut
Trending: 39

HIGH · CVE-2026-9614 · EXP
CVE-2026-9614: An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticate
Trending: 12

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

May 12, 2026 · CVE Published
May 12, 2026 · Discovered by ZDM
May 12, 2026 · Updated: affectedVersions
May 12, 2026 · Patch Available

Version History

v2 · Last enriched 32d ago

v2 · Tier C · 32d ago
Updated affected versions to include 2026.1 and corrected exploit availability to false.
affectedVersions · via VulDB

v1 · 32d ago
Initial creation