<![CDATA[(kudelskisecurity.com) Critical Unauthenticated SQL Injection Vulnerability in FortiClient EMS 7.4.4 Under Active Exploitation]]>

<![CDATA[(kudelskisecurity.com) Critical Unauthenticated SQL Injection Vulnerability in FortiClient EMS 7.4.4 Under Active Exploitation]]>(kudelskisecurity.com) Critical Unauthenticated SQL Injection Vulnerability in FortiClient EMS 7.4.4 Under Active Exploitation

Critical unauthenticated SQLi in FortiClient EMS 7.4.4 (CVE-2026-21643) actively exploited—51 attacking IPs observed. Immediate patching required.

In brief - A severe unauthenticated SQL injection flaw in Fortinet FortiClient EMS 7.4.4 (CVE-2026-21643) is under active exploitation, with 51 distinct IPs targeting vulnerable instances. Successful exploitation risks unauthorized data access or manipulation via the EMS administrative interface. Patch to 7.4.5+ or apply mitigations urgently.

Technically - CVE-2026-21643 enables unauthenticated SQLi via crafted `Site` HTTP headers to `/api/v1/init_consts` in FortiClient EMS 7.4.4. Inadequate input sanitization allows arbitrary SQL execution, with public exploit code available. Mitigations include upgrading to 7.4.5/7.4.7, restricting admin interface access, and deploying a WAF to block malicious requests.

Source: https://kudelskisecurity.com/research/forticlient-ems-7-4-4-critical-sql-injection-flaw

#Cybersecurity #ThreatIntel

]]>https://board.circlewithadot.net/topic/2f17583c-6e06-46d6-b191-b3837cf3bdb7/kudelskisecurity.com-critical-unauthenticated-sql-injection-vulnerability-in-forticlient-ems-7.4.4-under-active-exploitationRSS for NodeFri, 15 May 2026 10:24:52 GMTTue, 28 Apr 2026 15:49:21 GMT60