EXECUTIVE SUMMARY:
Fortinet's FortiClient Enterprise Management Server (EMS) has a critical SQL injection flaw, tracked as CVE-2026-21643, that could let an unauthenticated attacker execute arbitrary code, making it extremely dangerous for organizations that rely on this endpoint management platform. The vulnerability lies in how the EMS software processes incoming database queries: user input is not properly sanitized before it reaches the query, opening the door to SQL injection. With a CVSS base score of 9.1, signifying severe impact and high exploitability, this flaw directly threatens the integrity of the management server environment. FortiClientEMS 7.4.4 is confirmed affected, while the 7.2 and 8.0 branches are reported as not affected. Because EMS is commonly exposed to internal and external networks in order to manage endpoint protections, exploiting this vulnerability could give attackers full control of the management infrastructure, elevating risk across all connected systems.
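The summary above describes the root cause in general terms: input reaches a database query without sanitization. The following Python example, added here and not taken from Fortinet or the advisory, shows the flawed pattern beside the parameterized form that prevents it, using an in-memory SQLite table as a stand-in for an EMS-style endpoint inventory. The table, its rows, the function names and the test input are all constructed for the illustration and have no relation to the real EMS schema.

```python
"""Added illustration (not Fortinet's code): why unsanitized input in a
database query leads to SQL injection, and the parameterized form that
prevents it. The endpoint table and all values are constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; nothing here comes from a real EMS instance.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE endpoints (hostname TEXT, site TEXT)")
    conn.executemany(
        "INSERT INTO endpoints VALUES (?, ?)",
        [("ws-001", "hq"), ("ws-002", "hq"), ("srv-db-01", "dc")],
    )
    return conn


def lookup_site_vulnerable(conn: sqlite3.Connection, site: str) -> list[str]:
    # The flawed pattern the advisory describes: the caller's input is spliced
    # straight into the SQL text, so quotes and operators inside it become part
    # of the query instead of a value to compare against.
    sql = f"SELECT hostname FROM endpoints WHERE site = '{site}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_site_safe(conn: sqlite3.Connection, site: str) -> list[str]:
    # Hardened form: the query text is fixed and the input travels as a bound
    # parameter, so the driver treats it purely as data.
    sql = "SELECT hostname FROM endpoints WHERE site = ?"
    return [row[0] for row in conn.execute(sql, (site,))]


def demo() -> tuple[list[str], list[str]]:
    """Run both lookups on the same constructed input and return the results."""
    conn = make_db()
    # Constructed input that carries SQL syntax. No site literally has this
    # name, so the safe path returns nothing; the vulnerable path returns
    # every row because the spliced condition is always true.
    tainted = "hq' OR '1'='1"
    return lookup_site_vulnerable(conn, tainted), lookup_site_safe(conn, tainted)


if __name__ == "__main__":
    bad, good = demo()
    print("string-built query returned:", bad)
    print("parameterized query returned:", good)
```

The fix is not a filter on the input but a change in where the input goes: bound parameters keep the query structure fixed regardless of what the caller supplies, which is the property a code review should look for in every path that reaches the database.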
RECOMMENDATION:
We strongly recommend you update FortiClient Enterprise Management Server to version 7.4.5 or above.
REFERENCES:
The following reports contain further technical details: