CVE-2026-8043

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,6

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

External Control of File Name or Path

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Other)

Applicable Platforms

Operating Systems: Unix, Windows, macOS

Likelihood of Exploit: High

View CWE Details

https://hub.ivanti.com/s/article/Security-Advisory---Ivanti…

https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-…

CVE-2026-8043

Description

External Control of File Name or Path

Common Consequences

Applicable Platforms

Iscriviti alla newsletter