The Cyber Security News
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

February 10, 2026

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems.

The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests,” Fortinet said in an advisory.
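The weakness class named in the advisory, CWE-89, is the same whether it sits in FortiClientEMS or any other application: attacker-controlled input is spliced into the SQL text instead of being bound as a parameter. The following Python example is added here to illustrate that contrast and is not Fortinet's code or anything from the advisory; the table, the rows and the query are all constructed, and sqlite3 stands in for whatever database the real product uses.

```python
import sqlite3


def make_db():
    """Constructed in-memory user store, standing in for an application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """CWE-89 pattern: untrusted input is concatenated into the SQL command text,
    so the database parser treats whatever the caller sent as part of the query."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Parameterized query: the input is bound as a value and is never parsed as SQL,
    so the only possible result is the rows whose name equals the literal input."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that is not a valid user name
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row comes back
    print("hardened:  ", lookup_hardened(db, probe))    # no row matches
```

The hardened form is the fix class for this bug: the query text is fixed at development time and the driver transports the input separately, so there is nothing for a crafted request to neutralize improperly.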

The advisory lists the following versions and their status:

  • FortiClientEMS 7.2 (Not affected)
  • FortiClientEMS 7.4.4 (Upgrade to 7.4.5 or above)
  • FortiClientEMS 8.0 (Not affected)

Gwendal Guégniaud of the Fortinet Product Security team has been credited with discovering and reporting the flaw.

While Fortinet makes no mention of the vulnerability being exploited in the wild, it’s essential that users move quickly to apply the fixes.

The development comes as the company addressed another critical-severity flaw in FortiOS, FortiManager, FortiAnalyzer, FortiProxy and FortiWeb (CVE-2026-24858, CVSS score: 9.4) that allows an attacker with a FortiCloud account and a registered device to log into devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Fortinet has since acknowledged that the issue has been actively exploited by bad actors to create local admin accounts for persistence, make configuration changes granting VPN access to those accounts, and exfiltrate the firewall configurations.
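The post-exploitation activity described above (new local admin accounts, configuration changes granting those accounts VPN access) leaves traces in the device configuration itself, which is why comparing a current configuration snapshot against a trusted baseline is a practical detection. The Python example below is added here to show that comparison; it is not a Fortinet tool and the snapshot format is a constructed JSON layout, not real FortiOS output. A real deployment would populate the two snapshots from configuration backups taken before and after the exposure window.

```python
import json

# Constructed baseline snapshot of a firewall's admin accounts and VPN group
# membership, in a simplified JSON layout (not a real FortiOS export format).
BASELINE_SNAPSHOT = json.dumps({
    "admins": [{"name": "fwadmin", "profile": "full-access"}],
    "vpn_groups": {"sslvpn-users": ["fwadmin"]},
})

# Constructed current snapshot showing the pattern the article describes:
# an extra admin account that has also been added to a VPN group.
CURRENT_SNAPSHOT = json.dumps({
    "admins": [
        {"name": "fwadmin", "profile": "full-access"},
        {"name": "support01", "profile": "full-access"},
    ],
    "vpn_groups": {"sslvpn-users": ["fwadmin", "support01"]},
})


def diff_snapshots(baseline_json, current_json):
    """Return a list of (finding, subject, detail) tuples for admin accounts that
    appear only in the current snapshot and for VPN group memberships that were
    granted since the baseline. Removals are ignored; the goal is to surface
    newly created access, which is what persistence looks like in a config diff."""
    base = json.loads(baseline_json)
    cur = json.loads(current_json)
    findings = []

    base_admins = {a["name"] for a in base["admins"]}
    for admin in cur["admins"]:
        if admin["name"] not in base_admins:
            findings.append(("new_admin", admin["name"], admin["profile"]))

    for group, members in cur["vpn_groups"].items():
        added = set(members) - set(base["vpn_groups"].get(group, []))
        for member in sorted(added):
            findings.append(("vpn_access_granted", member, group))

    return findings


if __name__ == "__main__":
    for finding in diff_snapshots(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT):
        print(finding)
```

Any finding from this check should be reconciled against change tickets; an admin account and VPN grant with no matching change record is exactly the combination the article attributes to the actors exploiting CVE-2026-24858.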

Some parts of this article are sourced from:
thehackernews.com