CRITICAL SeverityCVSS 3.19.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVE-2026-8043

Last updated May 12, 2026 · Published May 12, 2026

Description

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

Affected products

1 listed

ivanti:Xtraction

Mappings

CWE

CWE-73

CAPEC

CAPEC-165

Research

Path traversal: how to detect and prevent itPath traversal lets attackers read or write files outside intended directories. Normalise paths, resolve them…

Training

Secure File HandlingUploads, storage, and serving files without opening the door to attackers.

CVE-2026-8043

Description

Affected products

Mappings

Related