Critical SQL Injection Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution
Fortinet patched a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that allows unauthenticated attackers to execute arbitrary code.
**If you are using FortiClientEMS make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan a quick patch if you are on 7.4 versions. Attackers will start exploting this very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-fortinet-forticlientems-allows-remote-code-execution-7-8-j-i-r/gD2P6Ple2L