CVE-2026-8043
CriticalSummary
In Ivanti Xtraction before version 2026.2, external control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
Risk Assessment
The organization may be exposed to the disclosure of sensitive data and attacks that could exploit injected malicious HTML scripts.
Recommendation
It is recommended to update Ivanti Xtraction to version 2026.2 or later and implement appropriate security measures to restrict access to sensitive files.
Original NVD description (English source)
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

