Fortinet hit by another exploited cybersecurity flaw
Summary
A critical SQL injection vulnerability, CVE-2026-21643, has been discovered and is being actively exploited in Fortinet's FortiClient Endpoint Management Server (EMS). This flaw allows unauthenticated attackers to execute arbitrary code on unpatched systems via crafted HTTP requests, potentially leading to access to sensitive data and administrative credentials.
IFF Assessment
The active exploitation of a critical vulnerability in a widely-used cybersecurity product is bad news for defenders as it presents an immediate threat to their infrastructure.
Severity
The vulnerability allows for pre-authentication remote code execution with high impact on confidentiality, integrity, and availability. The attack vector is network-based, and the complexity is low, making it highly exploitable.
Defender Context
Defenders should prioritize patching FortiClient EMS to version 7.4.5 or later immediately to mitigate the risk of exploitation. This incident highlights the ongoing trend of attackers targeting cybersecurity vendors themselves and the critical need for prompt patching of security products.