COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-21643

CVE-2026-21643

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-21643
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildsupply-chain

Fortinet FortiClient EMS allows unauthenticated attackers to execute arbitrary code via SQL injection.

This SQL injection vulnerability in FortiClient EMS enables remote code execution without authentication, posing a severe risk to DIB organizations relying on endpoint management tools. The vulnerability is actively exploited in the wild, requiring immediate patching and network segmentation to prevent unauthorized access to sensitive systems.

Shame score — Active exploitation of a critical SQL injection vulnerability in a widely deployed endpoint management product indicates a significant security oversight.

Players implicated

Fortinet · vendorFortiClient EMS · product

Description

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.