- Description
- An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
- Source
- psirt@fortinet.com
- NVD status
- Modified
- Products
- forticlientems
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@fortinet.com
- CWE-89
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2022-40769 2 - CVE-2025-5777 3 - CVE-2025-8088 4 - CVE-2023-41064 5 - CVE-2026-21643 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
5 Apr 2026
256 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-21643: FortiClient EMS SQL injection—unauth RCE via admin interface. In 2026. In a "cyber-resilience" product. Patch dropped Dec 2025, exploitation active March 2026. Exposing EMS admin to internet = asking for ransomware. Literally.
@CisoRaging77913
3 Apr 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-25253 2 - CVE-2024-23222 3 - CVE-2026-3909 4 - CVE-2026-21643 5 - CVE-2026-2636 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
14 Mar 2026
157 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*",
"matchCriteriaId": "082FFC77-0B95-4B1D-AEBE-D080B9B3C98C",
"versionEndExcluding": "7.4.5",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]