Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Source: The Hacker News
Vulnerability Details
Fortinet has released security updates to address a critical flaw in FortiClientEMS that could allow unauthenticated code execution on affected systems.
- CVE: CVE‑2026‑21643
- CVSS: 9.1 (Critical)
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability (CWE‑89) in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.” – Fortinet advisory [link]
Affected Versions
- FortiClientEMS 7.2 – Not affected
- FortiClientEMS 7.4.4 – Upgrade to 7.4.5 or later
- FortiClientEMS 8.0 – Not affected
The flaw was discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.
Additional Context
Fortinet also recently addressed another critical‑severity vulnerability affecting FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb (CVE‑2026‑24858, CVSS 9.4). This issue allowed an attacker with a FortiCloud account and a registered device to log into other devices linked to different accounts when FortiCloud SSO authentication was enabled. The company has confirmed active exploitation, including the creation of local admin accounts, configuration changes granting VPN access, and exfiltration of firewall configurations.
Reference: Fortinet patches CVE‑2026‑24858
Tags: cybersecurity, firewall, Fortinet, network security, remote code execution, sql injection, threat intelligence, vulnerability