{“lastseen”:”2026-02-10T04:43:02″,”description”:”\\n\\nFortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems.\\n\\nThe vulnerability, tracked as **CVE-2026-21643** , has a CVSS rating of 9.1 out of a maximum of 10.0.\\n\\n\\”An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests,\\” Fortinet said in an advisory.\\n\\nThe shortcoming affects the following versions -\\n\\n * FortiClientEMS 7.2 (Not affected)\\n * FortiClientEMS 7.4.4 (Upgrade to 7.4.5 or above)\\n * FortiClientEMS 8.0 (Not affected)\\n\\n\\n\\nGwendal Gu\u00e9gniaud of the Fortinet Product Security team has been credited with discovering and reporting the flaw.\\n\\nWhile Fortinet makes no mention of the vulnerability being exploited in the wild, it’s essential that users move quickly to apply the fixes.\\n\\nThe development comes as the company addressed another critical severity flaw in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, FortiWeb (CVE-2026-24858, CVSS score: 9.4) that allows an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.\\n\\nFortinet has since acknowledged that the issue has been actively exploited by bad actors to create local admin accounts for persistence, make configuration changes granting VPN access to those accounts, and exfiltrate the firewall configurations.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-02-10T04:38:00″,”modified”:”2026-02-10T04:38:52″,”type”:”thn”,”title”:”Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution”,”source”:””,”references”:””,”id”:”THN:BB573C19DD4DEFB3F7BBE887CCCC6D26″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2026-21643″,”CVE-2026-24858″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/02\/fortinet-patches-critical-sqli-flaw.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-10T04:43:02″,”description”:”\\n\\nFortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems.\\n\\nThe vulnerability,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,7,11,43,5],"class_list":["post-39968","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n