PT-2026-6694 · Fortinet · FortiClientEMS
Published 2026-02-06 · Updated 2026-03-19
CVE-2026-21643
CVSS v2.0: 10 (Critical) | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiClientEMS version 7.4.4
Fortinet FortiClientEMS versions prior to 7.4.5
Description
A critical SQL injection vulnerability exists in Fortinet FortiClientEMS, caused by improper neutralization of special elements used in SQL commands. Input that reaches the EMS API endpoints over HTTP is not correctly handled before it is used in SQL queries, so an unauthenticated attacker can inject SQL through specially crafted HTTP requests and execute arbitrary code or commands, potentially gaining SYSTEM-level access on the EMS server. Successful exploitation could lead to full administrative compromise of the EMS, unauthorized access to sensitive data, and the ability to manipulate endpoint configurations or deploy malicious software. Active exploitation of this specific vulnerability has not been officially confirmed, but previous Fortinet vulnerabilities have been exploited in real-world attacks. The vulnerability is rated with a CVSS score of 9.1.
Recommendations
FortiClientEMS version 7.4.4: Upgrade to version 7.4.5 or a later version immediately.
FortiClientEMS versions prior to 7.4.5: Upgrade to version 7.4.5 or a later version immediately.
Tags: Fix, LPE, RCE, SQL injection
Affected Products: FortiClientEMS