【Vulnerability Alert】Ivanti’s Xtraction contains a high-risk information security vulnerability (CVE-2026-8043)

publish date : 2026-05-15 update date : 2026-05-15

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026051404050303 Publication Time 2026-05-14 16:59:04
Incident Type ANA-Vulnerability Alert Discovery Time 2026-05-14 16:59:04
Impact Level Low  
[Subject]
【Vulnerability Alert】Ivanti’s Xtraction contains a high-risk information security vulnerability (CVE-2026-8043)
[Content]

Forwarded from TWCERTCC-200-202605-00000007

Ivanti’s Xtraction is an IT reporting and data visualization platform that can integrate data from different IT systems into the same dashboard, making it convenient for real-time viewing and analysis. Recently, Ivanti released an advisory on a critical information security vulnerability (CVE-2026-8043, CVSS: 9.6). This vulnerability allows an authenticated attacker to read sensitive files and write arbitrary HTML files into the website directory.

Information Sharing Level: WHITE (The information content is information that may be publicly disclosed)
[Affected Platform]

Ivanti Xtraction 2026.1 (inclusive) and earlier versions

 
[Recommended Actions]

Please update to Ivanti Xtraction 2026.2 (inclusive) or later versions

 

[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center