Fortinet has released important security updates to fix a critical vulnerability in its FortiClientEMS software that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2026-21643, has been given a high severity score of 9.1 out of 10, indicating a serious security risk.
According to Fortinet, the issue is caused due to SQL injection, where the software does not properly handle certain inputs.
This could allow an unauthenticated attacker to send specially crafted web requests and execute unauthorized commands on vulnerable systems. In simple terms, an attacker would not need valid login credentials to exploit this flaw.
The vulnerability affects FortiClientEMS version 7.4.4, and users are strongly advised to upgrade to version 7.4.5 or later. Versions 7.2 and 8.0 are not affected. The issue was discovered and responsibly reported by Gwendal Guégniaud from Fortinet’s Product Security team.
While Fortinet has not reported any active exploitation of this specific flaw, the company stresses that users should apply the security updates as soon as possible to reduce risk.
This disclosure comes alongside another serious security issue recently fixed by Fortinet. That vulnerability, tracked as CVE-2026-24858 and rated 9.4, affected multiple products including FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb.
If FortiCloud single sign-on (SSO) was enabled, attackers with a FortiCloud account could gain access to devices registered under other user accounts.
Fortinet has confirmed that this second flaw has been actively exploited by attackers. In some cases, hackers created local administrator accounts, changed configurations to allow VPN access, and stole firewall configuration data.
Given the severity and real-world exploitation of these issues, Fortinet is urging users to immediately apply all available security patches to protect their systems.