CVE-2026-21643

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized cod

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected Products

Vendor	Product	Versions
fortinet	forticlientems	< 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142(Vendor Advisory)

Related News (1 articles)

Tier B

CERT-FR2d ago

Bulletin d'actualité CERTFR-2026-ACT-012 (23 mars 2026)

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-89

Published2/6/2026

Last enriched4h ago

Trending Score16

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%