Cyber Web Spider Blog – News

Critical Security Patches Released by Ivanti, Fortinet, and SAP

Posted on May 18, 2026 By CWS

Several leading technology firms, including Ivanti, Fortinet, n8n, SAP, and VMware, have issued crucial security patches to address vulnerabilities that could be exploited for unauthorized code execution and other malicious activities. These updates aim to protect systems from potential exploitation by threat actors.

The most significant of these is a critical vulnerability in Ivanti’s Xtraction software, identified as CVE-2026-8043, which carries a CVSS score of 9.6. This flaw could allow attackers to gain unauthorized access to sensitive information and launch client-side attacks. Ivanti has emphasized the importance of upgrading to version 2026.2 to mitigate these risks.

Fortinet and SAP Address Critical Vulnerabilities

Fortinet has released advisories for two major vulnerabilities affecting FortiAuthenticator and FortiSandbox, with CVSS scores of 9.1. These issues, CVE-2026-44277 and CVE-2026-26083, could permit unauthorized code execution through improper access control and missing authorization checks. Users are advised to update to the latest versions to secure their systems.

In addition, SAP has resolved two critical vulnerabilities in its S/4HANA and Commerce Cloud products, identified as CVE-2026-34260 and CVE-2026-34263, both with a CVSS score of 9.6. These flaws, involving SQL injection and missing authentication checks, could lead to malicious code execution and unauthorized configuration changes.

VMware and n8n Release Security Fixes

Broadcom has addressed a high-severity vulnerability in VMware Fusion, tracked as CVE-2026-41702, which could result in privilege escalation. The patch, available in version 26H1, resolves a time-of-check to time-of-use (TOCTOU) flaw that could allow local non-administrative users to elevate privileges.

n8n, a workflow automation tool, has also patched five critical vulnerabilities, including CVE-2026-42231 and CVE-2026-42232, which involve prototype pollution and remote code execution. Users are encouraged to update to the latest versions to safeguard against these threats.

Ongoing Patch Management Practices

Other major vendors, such as Adobe, Microsoft, and Google, have also been actively releasing security updates to address various vulnerabilities. These efforts underscore the importance of maintaining up-to-date software to protect against the ever-evolving threat landscape.

Staying informed and promptly applying security patches is crucial for organizations to defend against potential cyber threats. With the increasing complexity and frequency of attacks, continuous vigilance and timely updates remain essential components of robust cybersecurity strategies.

Category: The Hacker News

Tags: authentication bypass, Cybersecurity, Fortinet, Ivanti, n8n, Onapsis, patch management, privilege escalation, remote code execution, SAP, security updates, Software Security, SQL injection, VMware Fusion, Vulnerabilities

Copyright © 2026 Cyber Web Spider Blog – News.
