Fortinet has released a security update to address a critical flaw affecting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems.
This vulnerability is tracked as CVE-2026-21643 and has a CVSS rating of 9.1 out of a maximum of 10.0.
Improper Disablement Vulnerability of Special Elements Used in SQL Commands (‘SQL Injection’) [CWE-89] FortiClientEMS could allow an unauthenticated attacker to execute unauthorized code or commands via a specially crafted HTTP request,” Fortinet said in the advisory.
This shortcoming affects the following versions:
FortiClientEMS 7.2 (not affected) FortiClientEMS 7.4.4 (upgrade to 7.4.5 or later) FortiClientEMS 8.0 (not affected)
Gwendal Guégniau of the Fortinet Product Security team is credited with discovering and reporting this flaw.
Fortinet has not indicated that this vulnerability is being exploited, but it is important that users apply the fix quickly.
This development comes after the company addressed another critical flaw (CVE-2026-24858, CVSS score: 9.4) in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb that allows an attacker with a FortiCloud account and a registered device to log in to other devices registered to other accounts if FortiCloud SSO authentication is enabled on those devices.
Fortinet has since confirmed that this issue is being actively exploited by malicious attackers to create local administrator accounts for persistence, make configuration changes to allow those accounts VPN access, and compromise firewall configurations.
Source link
