Vulnerability Details CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.7%
CVSS Severity
CVSS v3 Score 9.6
References
Products affected by CVE-2026-8043
-
cpe:2.3:a:ivanti:xtraction:2021.1
-
cpe:2.3:a:ivanti:xtraction:2021.2
-
cpe:2.3:a:ivanti:xtraction:2021.3
-
cpe:2.3:a:ivanti:xtraction:2021.4
-
cpe:2.3:a:ivanti:xtraction:2022.1
-
cpe:2.3:a:ivanti:xtraction:2022.2
-
cpe:2.3:a:ivanti:xtraction:2022.3
-
cpe:2.3:a:ivanti:xtraction:2022.4
-
cpe:2.3:a:ivanti:xtraction:2023.1
-
cpe:2.3:a:ivanti:xtraction:2023.2
-
cpe:2.3:a:ivanti:xtraction:2023.3
-
cpe:2.3:a:ivanti:xtraction:2023.4
-
cpe:2.3:a:ivanti:xtraction:2024.1
-
cpe:2.3:a:ivanti:xtraction:2024.2
-
cpe:2.3:a:ivanti:xtraction:2024.3
-
cpe:2.3:a:ivanti:xtraction:2025.1
-
cpe:2.3:a:ivanti:xtraction:2025.2
-
cpe:2.3:a:ivanti:xtraction:2025.3
-
cpe:2.3:a:ivanti:xtraction:2025.4
-
cpe:2.3:a:ivanti:xtraction:2026.1