CVE-2026-21643: Fortinet FortiClient EMS SQL Injection Vulnerability.

Fortinet FortiClient EMS SQL Injection Vulnerability. Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

• CISA KEV-listed (remediation due 2026-04-16)
• EPSS 70.9% (98.7% percentile)

Browse the CVE database

Read the full analysis on IntelFusions