CVE-2026-21643

Critical CVSS: 9.8

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Vendor

Fortinet

Product

Forticlientems

CWE

CWE-89

Yayın Tarihi

2026-02-06 09:15:49

Güncelleme

2026-03-30 13:16:22

Source Identifier

psirt@fortinet.com

KEV Date Added

Kategoriler

CWE-89 Forticlientems CRITICAL Fortinet 2026

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py

Benzer Kayıtlar

Critical

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta…

Medium

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, Fort…

High

CVE-2026-25836

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet…

Medium

CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS…

Medium

CVE-2026-25689

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec…

Medium

CVE-2026-24640

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7…