=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN502
_____________________________________________________________________

DATE                : 13/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ivanti Xtraction versions prior
                                   to 2026.2.

=====================================================================
https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-8043?language=en_US
_____________________________________________________________________

Security Advisory - Ivanti Xtraction (CVE-2026-8043)

Primary Product
Xtraction

Created Date
May 12, 2026 2:00:59 PM

Last Modified Date
May 12, 2026 2:20:30 PM

Summary

Ivanti has released an update for Ivanti Xtraction which addresses
one Critical severity vulnerability. Successful exploitation could
lead to sensitive information disclosure and client-side attacks.

We are not aware of any customers being exploited by this vulnerability
at the time of disclosure.


Vulnerability Details:

CVE Number            : CVE-2026-8043
Description           : External control of a file name in Ivanti
                        Xtraction before version 2026.2 allows a remote
                        authenticated attacker to read sensitive files
                        and write arbitrary HTML files to a web
                        directory, leading to information disclosure
                        and possible client-side attacks.
CVSS Score (Severity) : 9.6 (Critical)
CVSS Vector           : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CWE                   : CWE-22, CWE-73


Affected Versions

Product Name        : Ivanti Xtraction
Affected Version(s) : 2026.1 and prior
Resolved Version(s) : 2026.2
Patch Availability  : Download Available in ILS

Solution

Customers can resolve this vulnerability by updating to Ivanti
Xtraction 2026.2, available in ILS.


FAQ

    Are you aware of any active exploitation of this vulnerability?
    We are not aware of any customers being exploited by this
    vulnerability prior to public disclosure. This vulnerability was
    disclosed through our responsible disclosure program.

    How can I tell if I have been compromised?
    Currently, there is no known public exploitation of this
    vulnerability that could be used to provide a list of indicators
    of compromise.

    What should I do if I need help?
    If you have questions after reviewing this information, you can
    log a case and/or request a call via the Success Portal.

Article Number :  000106658



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




