Fortinet Releases Critical Patch for FortiClientEMS SQL Injection Vulnerability
Fortinet has recently addressed a critical security vulnerability in its FortiClientEMS software, identified as CVE-2026-21643, which could allow unauthenticated attackers to execute arbitrary code on affected systems. This flaw has been assigned a CVSS score of 9.1 out of 10, indicating its high severity.
The vulnerability stems from improper neutralization of special elements used in SQL commands, commonly known as SQL Injection (CWE-89). This weakness enables attackers to send specially crafted HTTP requests that can manipulate the application’s database queries, potentially leading to unauthorized code execution.
Affected Versions:
– FortiClientEMS 7.4.4
Unaffected Versions:
– FortiClientEMS 7.2
– FortiClientEMS 8.0
To mitigate this vulnerability, Fortinet recommends upgrading to FortiClientEMS version 7.4.5 or later. The company has credited Gwendal Guégniaud of the Fortinet Product Security team for discovering and reporting this issue.
While there is no current evidence of this vulnerability being exploited in the wild, it is crucial for users to apply the provided patches promptly to safeguard their systems.
This development follows Fortinet’s recent patching of another critical vulnerability, CVE-2026-24858, which affected FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. This flaw allowed attackers with a FortiCloud account and a registered device to access other devices registered to different accounts if FortiCloud SSO authentication was enabled. The company acknowledged active exploitation of this vulnerability, where attackers created local admin accounts for persistence, modified configurations to grant VPN access, and exfiltrated firewall configurations.
Understanding SQL Injection Vulnerabilities:
SQL Injection is a prevalent attack vector where malicious SQL statements are inserted into an entry field for execution. This can lead to unauthorized viewing of data, deletion of data, and in some cases, execution of administrative operations on the database. The impact of such vulnerabilities can be severe, including data breaches, loss of data integrity, and unauthorized access to sensitive information.
Fortinet’s Commitment to Security:
Fortinet has a history of proactively addressing security vulnerabilities across its product line. For instance, in July 2025, the company patched a critical SQL Injection flaw in FortiWeb (CVE-2025-25257) that could allow unauthenticated attackers to execute arbitrary database commands. Similarly, in January 2026, Fortinet fixed a critical OS command injection vulnerability in FortiSIEM (CVE-2025-64155), which could enable unauthenticated attackers to execute unauthorized code via crafted TCP requests.
Recommendations for Users:
1. Immediate Patching: Users of FortiClientEMS should upgrade to version 7.4.5 or later to mitigate the risk associated with CVE-2026-21643.
2. Regular Updates: Ensure that all Fortinet products are kept up-to-date with the latest security patches to protect against known vulnerabilities.
3. Monitor Security Advisories: Stay informed about security advisories from Fortinet and other relevant cybersecurity organizations to promptly address emerging threats.
4. Implement Security Best Practices: Adopt comprehensive security measures, including regular system audits, intrusion detection systems, and employee training on recognizing phishing attempts and other common attack vectors.
Conclusion:
The prompt patching of CVE-2026-21643 underscores Fortinet’s dedication to maintaining the security and integrity of its products. Users are urged to apply the necessary updates without delay to protect their systems from potential exploitation. Staying vigilant and proactive in applying security patches is essential in the ever-evolving landscape of cybersecurity threats.
