Exposures › CVE-2026-21643
Fortinet FortiClient EMS allows unauthenticated attackers to execute arbitrary code via SQL injection.
This SQL injection vulnerability in FortiClient EMS enables remote code execution without authentication, posing a severe risk to DIB organizations relying on endpoint management tools. The vulnerability is actively exploited in the wild, requiring immediate patching and network segmentation to prevent unauthorized access to sensitive systems.
Shame score — Active exploitation of a critical SQL injection vulnerability in a widely deployed endpoint management product indicates a significant security oversight.
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
No correlated FedRAMP products.