Home Alerts & Advisories Alerts Critical Vulnerability in FortiClientEMS Alerts Critical Vulnerability in FortiClientEMS 11 February 2026 Fortinet has released security updates to address a critical SQL injection vulnerability in FortiClientEMS. Users and administrators of affected versions are advised to update to the latest version immediately. Background Fortinet has released security updates to address a critical vulnerability (CVE-2026-21643) affecting FortiClientEMS. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10. Impact Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute unauthorised code or commands via specifically crafted HTTP requests. This can lead to a complete system compromise, enabling the attacker to gain control over the underlying server and manipulate system data. Affected Products The vulnerability affects FortiClientEMS version 7.4.4. Mitigation Users and administrators of affected products are advised to update to the latest version immediately. References https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 https://nvd.nist.gov/vuln/detail/CVE-2026-21643 https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html Back to top