CVE-2026-21643

critical

Fortinet

CVSS v3 Base Score

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: February 6, 2026

Last Modified: February 17, 2026

Vendor: Fortinet

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CWE

CWE-89

Affected Products

fortinet forticlientems

References

🔗 fortiguard.fortinet.com

CVE-2026-21643

Vulnerability Report

Description

CWE

Affected Products

References