Back

Critical SQL Injection Vulnerability in Fortinet FortiClientEMS

Severity: High (Score: 65.1)

Sources: Scworld, Cyberpress, Securityaffairs.Co, Csa.Sg, Arcticwolf

Summary

A critical SQL injection vulnerability, identified as CVE-2026-21643, has been discovered in Fortinet FortiClientEMS version 7.4.4. This flaw allows unauthenticated attackers to execute unauthorized code or commands, posing significant risks to affected systems.

Key Entities

  • Remote Code Execution (attack_type)
  • Sql Injection (attack_type)
  • Zero-day Exploit (attack_type)
  • Fortinet (company)
  • CVE-2026-21643 (cve)
  • CVE-2026-24858 (cve)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • FortiClient EMS (platform)
  • FortiClientEMS (platform)
  • FortiEMS Cloud (platform)
  • Fortinet FortiClientEMS (platform)
  • FortiOS (platform)
  • FortiClient EMS Vulnerability (vulnerability)
  • Fortinet FortiClientEMS Remote Code Execution Vulnerability (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed