Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution - gbhackers.com

Critical Fortinet FortiClient EMS Vulnerability CVE/vulnerabilityCyber Security NewsVulnerability 1 min.Read Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution By Divya February 9, 2026 Share Facebook Twitter Pinterest WhatsApp A critical security vulnerability has been discovered in Fortinet’s FortiClient EMS (Endpoint Management Server), potentially exposing organizations to remote code execution attacks. The flaw, tracked as CVE-2026-21643, was disclosed on February 6, 2026, and carries a severe CVSS score of 9.1 out of 10. FortiClient EMS Vulnerability The vulnerability stems from an SQL injection flaw in the FortiClient EMS administrative interface. SQL injection occurs when attackers manipulate database queries by inserting malicious code through input fields. In this case, the software fails to properly sanitize special characters in SQL commands, creating an opening for exploitation. Data Point Details CVE ID CVE-2026-21643 Product FortiClient EMS (Endpoint Management Server) Vulnerability Type SQL Injection (SQLi) in Administrative Interface Severity Critical CVSS Score 9.1 (out of 10) What makes this vulnerability particularly dangerous is that it requires no authentication. Unauthenticated attackers can exploit the flaw remotely over the network by sending specially crafted HTTP requests to vulnerable systems. This means attackers don’t need valid credentials or physical access to compromise affected servers. Successful exploitation allows attackers to execute unauthorized code or commands on vulnerable systems, potentially leading to complete system compromise. Attackers could steal sensitive data, install malware, or use compromised systems as launching points for further attacks within an organisation’s network. The vulnerability affects FortiClient EMS version 7.4.4 specifically. Organizations using this version should take immediate action. Notably, FortiClient EMS versions 7.2 and 8.0 are not affected by this security issue, and FortiEMS Cloud users are also safe. Fortinet has released version 7.4.5 to address this critical vulnerability. Organizations running FortiClient EMS 7.4.4 should upgrade immediately to version 7.4.5 or later to protect their systems. The vulnerability was discovered internally by Gwendal Guégniaud of Fortinet’s Product Security team, demonstrating the importance of proactive security research. The relatively short timeline between discovery and public disclosure reflects the severity of the issue. System administrators should prioritize patching affected FortiClient EMS installations immediately. Before updating, organizations should review their systems to identify vulnerable versions, schedule maintenance windows for upgrades, and verify successful patch deployment. Monitoring network logs for suspicious HTTP requests targeting the administrative interface can help detect potential exploitation attempts. Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google TagsCYBER SECURITY NEWSVULNERABILITY Divya Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world. Hot this week Infosec- Resources How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities SOC Architecture How to Build and Run a Security Operations Center (SOC Guide) – 2023 Cyber Security News Network Penetration Testing Checklist – 2025 Cyber Security News Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component Checklist Web Server Penetration Testing Checklist – 2026 Topics AcquisitionAdobeAdwareAIAmazonAmazon AWSAMDAndroidAnti VirusAntimalwareAntispoofingANY RUNApacheAPIAppleAPTArtificial IntelligenceAvastAWSAzureBackdoorBitcoinBluetoothBotnetBrowserBuffer over flowBug BountyBusinessChatbotsChatGPTChecklistChromeCiscoCISOCISO AdvisoryCloudCloud SecurityCloudflareComputer SecurityCourseCPUCross site ScriptingcryptocurrencyCryptocurrency hackCVE/vulnerabilityCyber AdvisoryCyber AICyber AttackCyber Crimecyber securityCyber security CourseCyber Security NewsCyber Security ResourcesDark WebData BreachData GovernanceDDOSDealsDeepSeekDiscordDNSDos AttackDriveDropboxEducationEmailEmail SecurityEthical HackingExploitExploitation ToolsExtratorrentsFACEBOOKFeaturedFirefoxFirefox NewsFirewallForensics ToolsgameGenAIGitHubGitLabGmailGoogleGoogle dorksGovernanceGRCHacking BooksHacksHardware HackingHBOHTMLHTTPIBMIISIncident ResponseInformation GatheringInformation Security RisksInfosec- ResourcesInsider ThreatsInstagramMore CVE/vulnerability New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover Cyber Security News Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2 Cyber Security News Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer cyber security Kimsuky Uses Malicious LNK Files to Drop Python Backdoor CVE/vulnerability CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild Cyber Security News 14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability cyber security Axios npm compromise traced to targeted social engineering attack ChatGPT Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations Related Articles New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover CVE/Vulnerability April 3, 2026 Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2 Cyber Security News April 3, 2026 Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer Cyber Security News April 3, 2026 Kimsuky Uses Malicious LNK Files to Drop Python Backdoor Cyber Security April 3, 2026 CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild CVE/Vulnerability April 3, 2026 Recent News New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover Divya - April 3, 2026 Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2 Divya - April 3, 2026 Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer Divya - April 3, 2026 Kimsuky Uses Malicious LNK Files to Drop Python Backdoor Mayura Kathir - April 3, 2026 CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild Divya - April 3, 2026 14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability Divya - April 3, 2026