Critical FortiClient EMS Vulnerability Allows Remote Malicious Code Execution
By AnuPriya
February 9, 2026
A critical security flaw in Fortinet’s FortiClient EMS (Endpoint Management Server) puts organizations at high risk of remote code execution attacks.
Tracked as CVE-2026-21643, this vulnerability was disclosed on February 6, 2026, earning a severe CVSS score of 9.1 out of 10.
At its core, the issue is an SQL injection (SQLi) vulnerability in the FortiClient EMS administrative interface.
SQL injection happens when attackers sneak malicious code into database queries through unsecured input fields.
Here, the software doesn’t properly neutralize special characters in input before it is used in SQL commands, letting attackers hijack the database.
| Data Point | Details |
| --- | --- |
| CVE ID | CVE-2026-21643 |
| Product | FortiClient EMS |
| Vulnerability Type | SQL Injection in Admin Interface |
| Severity | Critical |
| CVSS Score | 9.1/10 |
What makes CVE-2026-21643 especially alarming? It requires no authentication. Attackers can exploit it remotely over the network by sending crafted HTTP requests to vulnerable servers, no login credentials or physical access needed.
Success means they can run unauthorized code, fully compromising the system. This opens doors to stealing sensitive data, deploying malware, or pivoting to other network targets.
The flaw hits FortiClient EMS version 7.4.4 hard. Versions 7.2 and 8.0 escape unscathed, as do FortiEMS Cloud users.
Fortinet acted fast, releasing version 7.4.5 to fix the hole. If you’re on 7.4.4, upgrade now to 7.4.5 or later.
Gwendal Guégniaud from Fortinet’s Product Security team found the bug internally, as detailed in FortiGuard advisory FG-IR-25-1142. The quick jump from discovery to patch shows how seriously they take it.
Mitigation Steps
Admins, act urgently:
Scan your network for FortiClient EMS 7.4.4 instances.
Schedule upgrades during low-traffic windows.
Test patches in staging before full rollout.
Watch logs for odd HTTP requests to the admin interface, which can be signs of probing.
Limit admin interface exposure; use firewalls to block unauthenticated access.
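As an added example (not from Fortinet or the original article), the sketch below shows one way to triage web access logs for the last two steps: it flags requests that reach the admin interface from outside a management network and requests whose decoded URL carries SQL metacharacters. The combined log format, the `MGMT_NETS` range, the `/admin/` paths and the sample lines are assumptions constructed for illustration, and the pattern is a generic heuristic, not a signature for CVE-2026-21643.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Assumptions (not from the advisory): logs are in Apache/nginx "combined"
# format, and MGMT_NETS is the only network that should reach the admin UI.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Generic SQL metacharacter / keyword heuristic, not a CVE-specific signature.
SQLI_RE = re.compile(r"('|--|/\*|;|\b(union|select|sleep|waitfor|pg_sleep)\b)", re.I)

def decode(target):
    """Percent-decode twice so double-encoded input is also inspected."""
    return unquote_plus(unquote_plus(target))

def triage(lines):
    """Return (ip, reasons, target) for each log line worth an analyst's look."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname or garbage, skip it
        reasons = []
        if not any(src in net for net in MGMT_NETS):
            reasons.append("outside-mgmt-net")
        if SQLI_RE.search(decode(m["target"])):
            reasons.append("sql-metachar")
        if reasons:
            findings.append((m["ip"], reasons, m["target"]))
    return findings

# Constructed sample lines; the /admin/ paths are hypothetical placeholders.
SAMPLE = [
    '10.20.0.15 - - [09/Feb/2026:10:01:02 +0000] "GET /admin/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Feb/2026:10:03:44 +0000] "GET /admin/item?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 87 "-" "curl/8.5"',
    '10.20.0.15 - - [09/Feb/2026:10:05:10 +0000] "GET /admin/item?id=7%2527%2520UNION%2520SELECT HTTP/1.1" 500 87 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [09/Feb/2026:10:06:30 +0000] "GET /admin/status HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons, target in triage(SAMPLE):
        print(ip, ",".join(reasons), target)
```

Hits from inside the management network still deserve review, and a clean result does not replace upgrading to 7.4.5 or later.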
This vulnerability underscores a key lesson: even trusted endpoint tools need constant vigilance. SQLi flaws like this have plagued software for years, from early web apps to modern enterprise gear. Proactive patching and monitoring keep attackers at bay.