Last updated: July 5, 2026 at 9:01 AM UTC
Tag: vmware (2 articles)

Critical patches from Ivanti, Fortinet, SAP, VMware Fusion, and n8n - RCE, SQL injection, prototype pollution

A wave of critical patches landed across enterprise vendors. Fortinet shipped fixes for two unauthenticated code-execution flaws (CVE-2026-44277 in FortiAuthenticator, CVE-2026-26083 in FortiSandbox / FortiSandbox Cloud / FortiSandbox PaaS, both CVSS 9.1). SAP patched a 9.6-rated SQL injection in S/4HANA and a missing-auth check in SAP Commerce that allows unauthenticated code execution. Ivanti Xtraction got a fix for arbitrary file read and write. Broadcom patched a VMware Fusion macOS local-privilege-escalation (CVE-2026-41702). And the n8n automation platform shipped five CVSS 9.4 issues, including XML-driven prototype pollution that authenticated workflow editors could turn into RCE.

Check
Pull the installed-version list for FortiAuthenticator, FortiSandbox/Cloud/PaaS, SAP S/4HANA, SAP Commerce, Ivanti Xtraction, VMware Fusion, and self-hosted n8n. Compare against the fixed versions listed under Fix below.
Affected
FortiAuthenticator before 6.5.7/6.6.9/8.0.3; FortiSandbox before 4.4.9/5.0.2; SAP S/4HANA, SAP Commerce, Ivanti Xtraction before 2026.2; VMware Fusion before 26H1; n8n before 1.123.32/2.17.4/2.18.1.
Fix
Upgrade FortiAuthenticator to 6.5.7/6.6.9/8.0.3, FortiSandbox to 4.4.9/5.0.2, Ivanti Xtraction to 2026.2, VMware Fusion to 26H1, and n8n to 1.123.32/2.17.4/2.18.1. Apply SAP's May notes for CVE-2026-34260 and CVE-2026-34263.

Pwn2Own Berlin Day 3: DEVCORE wins Master of Pwn ($505K), SharePoint falls in 2-bug chain, $1.298M total

The Pwn2Own Berlin 2026 contest wrapped up Saturday at OffensiveCon, paying out $1,298,250 for 47 unique zero-days across three days. Taiwan's DEVCORE took the Master of Pwn title with 50.5 points and $505,000 in winnings. The headline Day 3 result came from DEVCORE researcher splitline, who chained two bugs into a successful exploit of Microsoft SharePoint, earning $100,000 and 10 points. SharePoint had survived a failed Rapid7 attempt on Day 2, making this a notable late-contest catch. Day 3 also saw attempts against VMware ESXi, Windows 11, Red Hat Enterprise Linux, and OpenAI Codex. All disclosed bugs now enter ZDI's 90-day disclosure window.

Check
Subscribe to the ZDI advisory feed at zerodayinitiative.com/advisories. Identify SharePoint, VMware ESXi, Windows 11, RHEL, and Codex deployments that may need urgent patches over the next 90 days.
Affected
Microsoft SharePoint, VMware ESXi, Windows 11, Red Hat Enterprise Linux, and OpenAI Codex - all targeted at Pwn2Own Berlin 2026 (47 unique zero-days disclosed May 14-16).
Fix
Apply vendor patches the moment ZDI advisories ship and fixes land. Prioritize internet-facing SharePoint and ESXi instances. Until then, restrict access to management interfaces.