Fortinet has released vital security updates to rectify a serious vulnerability in FortiClientEMS that might allow unauthorized execution of code on affected systems. The flaw, identified as CVE-2026-21643, has been assigned a CVSS score of 9.1, indicating its critical nature.
Understanding the SQL Injection Flaw
This vulnerability arises from improper neutralization of special elements within an SQL command, commonly known as SQL injection, categorized under CWE-89. This flaw could potentially allow an unauthenticated attacker to run unauthorized code or commands by sending specially designed HTTP requests, according to Fortinet’s advisory.
Affected Software Versions
The vulnerability impacts specific versions of FortiClientEMS. Versions 7.4.4 require an upgrade to version 7.4.5 or higher to mitigate the threat. Versions 7.2 and 8.0 are not affected. The flaw was discovered by Gwendal Guégniaud from Fortinet’s Product Security team.
Immediate Action Recommended
Although there is no evidence of exploitation in the wild, Fortinet emphasizes the urgency for users to apply the released updates to safeguard their systems. Ignoring these updates could leave systems vulnerable to potential attacks exploiting the flaw.
Recently, Fortinet addressed another critical vulnerability in its FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb products. This flaw, identified as CVE-2026-24858 with a CVSS score of 9.4, allowed attackers with access to FortiCloud accounts to log into other registered devices if FortiCloud SSO authentication was enabled.
Exploitation and Mitigation
Fortinet acknowledged that the latter vulnerability has been actively exploited by malicious actors. Attackers used this access to create local admin accounts, alter configurations to grant VPN access, and extract firewall configurations. This underscores the importance of promptly applying security patches to prevent similar breaches.
In conclusion, maintaining updated security measures is crucial to protect against such vulnerabilities. Fortinet’s prompt action in releasing these updates highlights the importance of staying vigilant and proactive in cybersecurity practices.
