Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could result in the execution of arbitrary code on susceptible systems.

The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS could permit an unauthenticated attacker to execute unauthorized code or instructions through specially crafted HTTP requests,” Fortinet stated in an advisory.

The shortcoming impacts the following versions -

  • FortiClientEMS 7.2 (Not affected)
  • FortiClientEMS 7.4.4 (Upgrade to 7.4.5 or above)
  • FortiClientEMS 8.0 (Not affected)

Gwendal Guégniaud of the Fortinet Product Security team has been credited with discovering and reporting the flaw.

While Fortinet makes no mention of the vulnerability being exploited in the wild, it is important that users move quickly to apply the fixes.

The development comes as the company addressed another critical severity flaw in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, FortiWeb (CVE-2026-24858, CVSS score: 9.4) that permits an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Fortinet has since acknowledged that the issue has been actively exploited by bad actors to create local admin accounts for persistence, make configuration changes granting VPN access to those accounts, and exfiltrate the firewall configurations.
