Threat actors are exploiting a critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient EMS, which allows remote, unauthenticated attackers to execute arbitrary code, with over 1,000 deployments potentially exposed online despite Fortinet's patch release.
A critical-severity SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient EMS is actively being exploited, allowing remote, unauthenticated attackers to execute arbitrary SQL code and access sensitive data. To mitigate this threat, ensure that FortiClient EMS is updated to version 7.4.5, which addresses the flaw introduced in version 7.4.4. Rapid patching and monitoring for indicators of compromise are crucial, given the availability of proof-of-concept exploitation code and ongoing attacks.