Summary

Ivanti released a critical security update for Xtraction to patch a path traversal vulnerability CVE-2026-8043) that allows authenticated attackers to read sensitive files and write malicious HTML content.

Take Action:

Patch your Xtraction instances to version 2026.2 immediately and verify that Multi-Factor Authentication is active for all users. Even though this requires authentication, assume attackers can easily find low-level credentials.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines