Description
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Published: 2026-02-06
Score: 9.1 Critical
EPSS: 43.1% Moderate
KEV: Yes
Impact: Remote Code Execution via SQL Injection
Action: Immediate Patch
AI Analysis

Impact

An improper neutralization of special elements used in an SQL command (CWE-89) permits SQL injection in FortiClientEMS 7.4.4. An unauthenticated attacker who can reach the EMS HTTP interface can submit crafted requests whose contents are executed as SQL statements by the backend database, and the vendor description states that this may lead to execution of unauthorized code or commands on the server. The published CVSS vector rates the impact on confidentiality, integrity and availability as High, so a successful exploit should be treated as full compromise of the EMS host and of the endpoint-management data and policies it holds.

Affected Systems

The affected product is Fortinet FortiClientEMS, and the only version this entry lists as affected is 7.4.4. Fortinet advises upgrading to version 7.4.5 or above, or to version 8.0.0 or above once that release is available. The page says nothing about other branches, so installations on versions other than 7.4.4 should be checked against the vendor advisory rather than assumed to be unaffected.

Risk and Exploitability

The 9.1 shown here is the temporal score from the vendor's vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C): the base metrics alone score 9.8, and the temporal metrics (functional exploit, official fix, confirmed report) reduce it to 9.1. Either number is Critical. An EPSS score of 43.1% places this CVE far above the typical vulnerability in predicted probability of exploitation. The CVE is in the CISA Known Exploited Vulnerabilities catalog (added 2026-04-13, with a remediation due date of 2026-04-16 for US federal agencies), and the SSVC assessment recorded in the History section below moved from "none" to "poc" to "active" exploitation between February and April 2026, so exploitation in the wild is confirmed rather than merely suspected. The attack is network-reachable, needs no privileges or user interaction, and is rated Automatable in the SSVC assessment, which means any FortiClientEMS 7.4.4 instance exposed to untrusted networks should be treated as at immediate risk.

Generated by OpenCVE AI on April 21, 2026 at 23:49 UTC.

Remediation

Vendor Solution

Upgrade to upcoming FortiClientEMS version 8.0.0 or above
Upgrade to FortiClientEMS version 7.4.5 or above


OpenCVE Recommended Actions

  • Upgrade FortiClientEMS 7.4.4 to version 7.4.5 or above, or to 8.0.0 or above once that release is available.
  • Restart the FortiClientEMS service after installing the update so the patched code is actually loaded, and confirm the running version afterwards.
  • Until the upgrade is complete, restrict access to the FortiClientEMS HTTP interface to trusted source addresses with firewall or network rules; the flaw is reachable without credentials, so an internet-exposed 7.4.4 instance should be treated as exposed to exploitation.
  • Because the CVE is in the CISA KEV catalog and the SSVC assessment records active exploitation, do not rely on the patch alone for instances that were reachable while unpatched: review them for signs of compromise before returning them to normal operation.

Generated by OpenCVE AI on April 21, 2026 at 23:49 UTC.
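The first action above reduces to a version check, but the advisory's fix guidance has a branch structure (7.4.5 and above in the 7.4 branch, 8.0.0 and above) and says nothing about other versions. The following script, added here as an example and not part of OpenCVE's or Fortinet's tooling, encodes exactly that guidance and runs it over a constructed inventory; hostnames and version strings are illustrative, and any version the page does not mention is reported as "not covered" rather than assumed safe.

```python
"""Triage a FortiClientEMS inventory against the fix guidance on this page.

Added example. Affected: 7.4.4 (the only version listed). Fixed: 7.4.5 and
later in the 7.4 branch, and 8.0.0 and later. Everything else is reported as
not covered by this advisory, because the page says nothing about it.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED = {(7, 4, 4)}
# Lowest fixed release within a branch, from the vendor solution above.
FIXED_FROM: Dict[Tuple[int, int], Version] = {(7, 4): (7, 4, 5)}
# "8.0.0 or above": any 8.x.y release counts as fixed.
FIXED_MAJOR_FROM: Version = (8, 0, 0)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Accept '7.4.4', 'v7.4.4' or '7.4.4 build 1234'; None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def classify(version_text: str) -> str:
    """Map a version string to affected / fixed / not covered / unparseable."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    if v in AFFECTED:
        return "affected"
    if v >= FIXED_MAJOR_FROM:
        return "fixed"
    branch = (v[0], v[1])
    if branch in FIXED_FROM and v >= FIXED_FROM[branch]:
        return "fixed"
    # Older 7.4.x, 7.2.x, 7.6.x etc.: the page does not list them, so do
    # not assume they are safe; confirm against the vendor advisory.
    return "not covered by this advisory"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by classification; the 'affected' bucket is the patch list."""
    groups: Dict[str, List[str]] = {}
    for host, version in inventory:
        groups.setdefault(classify(version), []).append(host)
    return groups


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ems-prod-01", "7.4.4"),
    ("ems-prod-02", "v7.4.4 build 1234"),
    ("ems-dr-01", "7.4.5"),
    ("ems-lab-01", "8.0.0"),
    ("ems-legacy-01", "7.2.9"),
    ("ems-unknown", "n/a"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

The "not covered" bucket is deliberate: a triage script that silently marks unlisted versions as fixed will hide hosts the advisory never addressed.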


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title: SQL Injection in FortiClientEMS Enables Unauthorized Code Execution

Wed, 15 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Title: SQL Injection in FortiClientEMS Enables Unauthorized Code Execution

Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs: cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*

Mon, 13 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc
  Removed: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Added: {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics kev
  Added: {'dateAdded': '2026-04-13T00:00:00+00:00', 'dueDate': '2026-04-16T00:00:00+00:00'}


Mon, 30 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc
  Removed: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs: cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*

Fri, 06 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc
  Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description (added): An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
First Time appeared: Fortinet; Fortinet forticlientems
Weaknesses: CWE-89
CPEs: cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*
Vendors & Products: Fortinet; Fortinet forticlientems
References
Metrics cvssV3_1
  Added: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-14T03:55:26.806Z

Reserved: 2026-01-02T08:41:26.514Z

Link: CVE-2026-21643

Vulnrichment

Updated: 2026-02-06T14:53:24.618Z

NVD

Status : Analyzed

Published: 2026-02-06T09:15:49.330

Modified: 2026-04-14T14:21:18.670

Link: CVE-2026-21643

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T00:00:03Z

Weaknesses