CVE-2026-8043
Ivanti · Xtraction
Ivanti Xtraction allows remote authenticated attackers to read sensitive files and write arbitrary HTML files, leading to information disclosure and potential client-side attacks.
Executive summary
A critical file management vulnerability in Ivanti Xtraction allows remote authenticated attackers to read sensitive files and write arbitrary HTML files, risking system-wide information disclosure.
Vulnerability
The vulnerability stems from external control of a file name or path (CWE-73), allowing a remote authenticated attacker to manipulate file operations. This can be weaponized to read sensitive system files or inject malicious HTML into the web directory.
Business impact
With a CVSS score of 9.6, this vulnerability poses a severe risk of information disclosure and potential site-wide client-side attacks. Unauthorized access to system files could lead to the exposure of credentials, configuration data, or further compromise of the web server.
Remediation
Immediate Action: Upgrade Ivanti Xtraction to version 2026.2 or later to address the insecure file path handling.
Proactive Monitoring: Monitor web server logs for requests targeting sensitive system paths and unexpected file creation events in the web directory.
Compensating Controls: Use a Web Application Firewall (WAF) to block requests containing path traversal sequences or attempts to write files to restricted web directories.
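One way to implement the monitoring step above, as an added example that is not Ivanti's code or part of the original advisory: it flags log lines whose percent-decoded form contains a traversal sequence or an absolute path in a parameter, and lists HTML files in the web directory that are missing from a known-good baseline. The log format, the /app/export endpoint and its parameters, and the sample lines are constructed assumptions.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Traversal sequence anywhere, or a parameter value that starts with an
# absolute path (drive letter, UNC prefix, /etc/). Tune for your environment.
SUSPICIOUS = re.compile(r"\.\.[\\/]|[=&?](?:[a-z]:[\\/]|\\\\|/etc/)", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_requests(log_lines):
    """Return (line_number, matched_text) for each line that matches after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = SUSPICIOUS.search(fully_decode(line))
        if match:
            hits.append((number, match.group(0)))
    return hits

def find_unexpected_html(web_root, baseline):
    """Return .htm/.html files under web_root that are not in the baseline set."""
    root = Path(web_root)
    found = {p.relative_to(root).as_posix() for p in root.rglob("*")
             if p.is_file() and p.suffix.lower() in {".htm", ".html"}}
    return sorted(found - set(baseline))

# Constructed sample lines; /app/export and its parameters are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - alice [01/Jan/2026:10:00:00 +0000] "GET /app/dashboard?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [01/Jan/2026:10:01:00 +0000] "GET /app/export?file=..%2f..%2fweb.config HTTP/1.1" 200 2048',
    '10.0.0.9 - bob [01/Jan/2026:10:02:00 +0000] "GET /app/export?file=%252e%252e%255cweb.config HTTP/1.1" 200 2048',
    '10.0.0.9 - bob [01/Jan/2026:10:03:00 +0000] "POST /app/export?out=C:%5Cinetpub%5Cwwwroot%5Cx.html HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, text in find_suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious sequence {text!r}")
```

Build the baseline for find_unexpected_html from a known-good install of the patched version, and re-run the comparison on a schedule so newly written HTML files surface quickly.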
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
This vulnerability represents a significant risk to the security of the Xtraction environment. Administrators must perform the update to version 2026.2 without delay and conduct a thorough review of file integrity on the host system.