(kudelskisecurity.com) Critical Unauthenticated SQL Injection Vulnerability in FortiClient EMS 7.4.4 Under Active Exploitation
Critical unauthenticated SQLi in FortiClient EMS 7.4.4 (CVE-2026-21643) is actively exploited; 51 attacking IPs observed. Immediate patching required.
In brief - A severe unauthenticated SQL injection flaw in Fortinet FortiClient EMS 7.4.4 (CVE-2026-21643) is under active exploitation, with 51 distinct IPs targeting vulnerable instances. Successful exploitation risks unauthorized data access or manipulation via the EMS administrative interface. Patch to 7.4.5 or later, or apply mitigations, urgently.
Technically - CVE-2026-21643 enables unauthenticated SQLi via crafted `Site` HTTP headers sent to `/api/v1/init_consts` in FortiClient EMS 7.4.4. Inadequate input sanitization allows arbitrary SQL execution, and public exploit code is available. Mitigations include upgrading to 7.4.5/7.4.7, restricting access to the admin interface, and deploying a WAF to block malicious requests.
Source: https://kudelskisecurity.com/research/forticlient-ems-7-4-4-critical-sql-injection-flaw
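As an added example (not code from the advisory or from Kudelski Security), a small log-triage script for the detection side of this flaw: it assumes a reverse proxy in front of EMS that logs the client IP, request line and the `Site` header in the constructed format below, and flags requests to `/api/v1/init_consts` whose header value is not a plain site identifier, which is also the shape a WAF rule or SIEM search for this CVE would take.

```python
import re

# Constructed sample log lines, not from the article. The header name and the
# endpoint come from the advisory; the log format and site names are assumptions.
SAMPLE_LOG = """\
203.0.113.10 "GET /api/v1/init_consts HTTP/1.1" site="hq-site"
203.0.113.11 "GET /api/v1/init_consts HTTP/1.1" site="hq' --"
203.0.113.12 "GET /api/v1/dashboard HTTP/1.1" site="hq' --"
203.0.113.11 "GET /api/v1/init_consts HTTP/1.1" site="a;b"
198.51.100.7 "GET /api/v1/init_consts HTTP/1.1" site="branch-01"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" site="(?P<site>[^"]*)"$'
)
# Allowlist: what a legitimate site identifier is expected to look like (assumption).
SITE_OK = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
# Denylist fallback: characters and keywords that have no place in a site name.
SITE_BAD = re.compile(r"['\";]|--|/\*|\b(?:OR|AND|UNION|SELECT|SLEEP)\b", re.IGNORECASE)

VULN_PATH = "/api/v1/init_consts"


def classify_site(site):
    """Return the reasons a Site header value looks hostile (empty list if clean)."""
    reasons = []
    if not SITE_OK.fullmatch(site):
        reasons.append("not-allowlisted")
    if SITE_BAD.search(site):
        reasons.append("sqli-metachar")
    return reasons


def flag_requests(log_text):
    """Return (ip, site, reasons) for hits against the vulnerable endpoint only."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        # Only the init_consts endpoint is in scope; strip any query string first.
        if not m or m.group("path").split("?")[0] != VULN_PATH:
            continue
        reasons = classify_site(m.group("site"))
        if reasons:
            hits.append((m.group("ip"), m.group("site"), reasons))
    return hits


def attacking_ips(log_text):
    """Distinct source IPs behind flagged requests, for blocking or enrichment."""
    return sorted({ip for ip, _, _ in flag_requests(log_text)})


if __name__ == "__main__":
    for ip, site, reasons in flag_requests(SAMPLE_LOG):
        print(f"{ip} Site={site!r} -> {', '.join(reasons)}")
    print("distinct attacking IPs:", attacking_ips(SAMPLE_LOG))
```

The allowlist check is the one to rely on; the keyword denylist is only a second signal, since a vulnerable server is not protected by it.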