Fortinet has published security updates to fix a serious vulnerability in FortiClientEMS that could allow arbitrary code to run on vulnerable systems. The vulnerability, tracked as CVE-2026-21643, carries a CVSS rating of 9.1 out of a possible 10.0.

In an advisory, Fortinet stated that "an unauthenticated attacker may be able to execute unauthorized code or commands via specifically crafted HTTP requests due to an improper neutralization of special elements used in a SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS." The affected and unaffected versions are as follows: FortiClientEMS 7.4.4 is affected, and users should upgrade to 7.4.5 or higher; FortiClientEMS 7.2 and FortiClientEMS 8.0 are not affected. The vulnerability was found and reported by Gwendal Guégniaud of the Fortinet Product Security team.

Users should apply the fixes promptly, even though Fortinet makes no mention of the vulnerability being exploited in the wild. The release coincides with the company fixing another critical flaw in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb (CVE-2026-24858, CVSS score: 9.4) that, when enabled on those devices, allows an attacker holding a FortiCloud account and a registered device to log into devices registered to other accounts. Fortinet has since acknowledged that malicious actors have actively exploited that vulnerability to create persistent local admin accounts, modify configurations to grant those accounts VPN access, and steal firewall configurations.