Fortinet Patches Critical SQL Injection Vulnerability

Fortinet has released security updates to address a critical vulnerability in FortiClientEMS, identified as CVE-2026-21643, which has a severity rating of 9.1 out of 10. This vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems by sending specially crafted HTTP requests. The issue was discovered and reported by Gwendal Guégniaud from Fortinet. Although there is no confirmation of active exploitation, users are urged to apply the patches promptly.

This update follows a recent fix for another severe vulnerability (CVE-2026-24858, rated 9.4) affecting FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. This flaw allowed attackers with a FortiCloud account and a registered device to access other devices registered to different accounts if FortiCloud SSO was enabled. Fortinet has acknowledged that this vulnerability has been exploited to create admin accounts, modify settings for VPN access, and exfiltrate firewall configurations.

Stay secure — stay Wavasec. 🔐