CVE 9.1 CRITICAL

CVE-2026-21643_CVE-2026-21643

February 6, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

AI Analysis

SQL injection vulnerability allowing unauthorized code execution

Basic Information

ID CVE-2026-21643

Source fortinet

Published Feb 6, 2026 at 08:24

Affected Product

Vendor Fortinet

Product FortiClientEMS

Version 7.4.4

Affected Versions Fortinet FortiClientEMS 7.4.4

CWE Classification

CWE-89

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Fortinet

Product FortiClientEMS

Version 7.4.4

References

fortiguard.fortinet.com /psirt/FG-IR-25-1142

{
    "lastseen": "",
    "description": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.",
    "published": "2026-02-06T08:24:43.877Z",
    "modified": "2026-02-06T08:24:43.877Z",
    "type": "cve",
    "title": "CVE-2026-21643",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1142",
    "id": "CVE-2026-21643",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiClientEMS 7.4.4",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiClientEMS",
    "version": "7.4.4",
    "vendor": "Fortinet",
    "ai_description": "SQL injection vulnerability allowing unauthorized code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Fortinet",
    "ai_product": "FortiClientEMS",
    "ai_version": "7.4.4",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply