CVE-2026-21643CRITICAL · 9.8TrackedCISA KEV

Fortinet · FortiClient EMS

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Disclosed

2026-02-06

123 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
https://nvd.nist.gov/vuln/detail/CVE-2026-21643

↗ NVD ↗ CISA KEV ↗ Search analyses