9.6
CVE-2026-8043
- EPSS 0.87%
- Veröffentlicht 12.05.2026 14:11:30
- Zuletzt bearbeitet 13.05.2026 20:34:20
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.54 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.6 | 3.1 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
|
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-8043?language=en_US