Fortinet has issued security updates to resolve a critical vulnerability in FortiClientEMS that could allow attackers to execute arbitrary code on affected systems without authentication.
The flaw, identified as CVE-2026-21643, carries a CVSS score of 9.1 out of 10.0. According to the company, the issue stems from improper neutralization of special elements used in SQL commands.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests,” Fortinet said in an advisory.
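The advisory text above names the weakness class (CWE-89) but, as is usual for vendor advisories, gives no code. The following is an added illustration of that class written for this page, not Fortinet code and not a reproduction of the FortiClientEMS flaw: a constructed SQLite table, one lookup that splices an HTTP-supplied value into the query text, and the parameterized form beside it. The table, column names and the injected value are all assumptions for the demonstration.

```python
import sqlite3

# Constructed in-memory table for the demonstration; nothing here mirrors
# FortiClientEMS internals.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE endpoints (id INTEGER PRIMARY KEY, hostname TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO endpoints (hostname, owner) VALUES (?, ?)",
        [("ws-01", "alice"), ("ws-02", "bob"), ("srv-01", "admin")],
    )
    return conn

def lookup_vulnerable(conn, hostname):
    # CWE-89: the untrusted value is spliced into the SQL text, so a quote
    # character in the input changes the structure of the statement.
    sql = "SELECT hostname, owner FROM endpoints WHERE hostname = '%s'" % hostname
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, hostname):
    # Hardened form: the value travels as a bound parameter and is compared as
    # data; it is never parsed as SQL.
    sql = "SELECT hostname, owner FROM endpoints WHERE hostname = ?"
    return conn.execute(sql, (hostname,)).fetchall()

# Constructed attacker-controlled value, e.g. a query-string parameter.
INJECTION = "' OR '1'='1"

def demo():
    conn = make_db()
    return {
        "normal": lookup_parameterized(conn, "ws-01"),
        "vulnerable_injected": lookup_vulnerable(conn, INJECTION),
        "parameterized_injected": lookup_parameterized(conn, INJECTION),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the injected value the vulnerable query becomes `WHERE hostname = '' OR '1'='1'` and returns every row; the parameterized query looks for a hostname literally equal to the injected string and returns nothing. Parameterization, not escaping, is the fix that closes the whole class.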
The vulnerability impacts FortiClientEMS 7.4.4, and users are advised to upgrade to version 7.4.5 or later. Versions 7.2 and 8.0 are not affected. The flaw was discovered and reported by Gwendal Guégniaud from the Fortinet Product Security team.
Although there is no indication that CVE-2026-21643 has been exploited in the wild, Fortinet has urged customers to apply the available patches without delay.
In a related development, the company also addressed another critical vulnerability, CVE-2026-24858, which has a CVSS score of 9.4. This issue affects FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb.
The vulnerability could allow an attacker with a FortiCloud account and a registered device to access other devices tied to separate accounts if FortiCloud SSO authentication is enabled. Fortinet has confirmed that this flaw has been actively exploited.
Threat actors reportedly used the vulnerability to create local administrator accounts for persistence, modify configurations to grant VPN access, and extract firewall configuration data.
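The persistence technique described above, an extra local administrator account, leaves a trace in the device configuration. The following is an added hunting check written for this page, not a Fortinet tool: it parses the `config system admin` block from a configuration backup in the usual FortiOS CLI layout (config / edit / set / next / end) and flags accounts missing from a known baseline. The configuration excerpt and the baseline set are constructed for the example; the account names are hypothetical.

```python
import re

# Constructed FortiOS-style configuration excerpt (not a real device backup).
# Local administrator accounts live under "config system admin".
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC XXXX
    next
    edit "svc_backup"
        set accprofile "super_admin"
        set vdom "root"
        set trusthost1 10.0.0.0 255.255.255.0
        set password ENC XXXX
    next
    edit "support_tmp"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC XXXX
    next
end
config system interface
    edit "port1"
        set ip 10.0.0.1 255.255.255.0
    next
end
"""

# Hypothetical baseline: the accounts the organisation knows it created.
BASELINE_ADMINS = {"admin", "svc_backup"}

def parse_admins(config_text):
    """Return {name: {setting: value}} for each entry under 'config system admin'."""
    admins = {}
    in_block = False
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
            continue
        if not in_block:
            continue
        if line == "end":
            break  # end of the admin block; later sections are ignored
        m = re.match(r'edit "([^"]+)"', line)
        if m:
            current = m.group(1)
            admins[current] = {}
            continue
        if line == "next":
            current = None
            continue
        m = re.match(r"set (\S+) (.*)", line)
        if m and current is not None:
            admins[current][m.group(1)] = m.group(2).strip('"')
    return admins

def find_unexpected_admins(config_text, baseline):
    """Flag admin accounts not in the baseline, noting why each deserves attention."""
    findings = []
    for name, settings in parse_admins(config_text).items():
        if name in baseline:
            continue
        reasons = ["not in baseline"]
        if settings.get("accprofile") == "super_admin":
            reasons.append("super_admin profile")
        if not any(key.startswith("trusthost") for key in settings):
            reasons.append("no trusthost restriction")
        findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in find_unexpected_admins(SAMPLE_CONFIG, BASELINE_ADMINS):
        print(name, ", ".join(reasons))
```

Run the same check against a backup taken before the exposure window and one taken after; an account that appears only in the later backup, with a full-access profile and no trusted-host restriction, matches the persistence pattern described and should be treated as a compromise indicator rather than a hygiene issue.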
The latest disclosures highlight the importance of timely patching and strict access controls to prevent potential exploitation.