CVE-2026-8043

CRITICAL NVD

CVSS Score 9.6

Severity CRITICAL

Published May 12, 2026

Vendor unknown

Description

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

References

https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-8043?language=en_US