Description
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, and FortiClientEMS 7.0 (all versions) may allow an attacker to execute unauthorized code or commands via crafted requests.
Published: 2026-04-14
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an improper neutralization of special elements used in an SQL command (CWE-89), i.e. SQL injection. Several FortiClientEMS releases, in the 7.4.x, 7.2.x and 7.0 series, contain the flaw. An attacker who can send crafted requests to the affected EMS service may execute arbitrary SQL and, per the record, unauthorized code or commands. The published CVSS vector rates confidentiality, integrity and availability impact all High, so a successful attack can compromise both the data the EMS holds and the EMS host itself.
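To make the weakness class concrete, here is a generic CWE-89 illustration added for this page: a query built by string formatting next to the same query with a bound parameter. This is constructed example code, not FortiClientEMS code, and it does not reproduce the product's actual injection point, which the record does not describe; the table names, rows and the `lookup_*` helpers are assumptions for the demonstration.

```python
"""Generic CWE-89 illustration: string-built SQL beside its parameterized form.

Added, constructed example. NOT FortiClientEMS code; the tables, rows and helper
names are assumptions made for the demonstration only.
"""
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE endpoints (id INTEGER PRIMARY KEY, hostname TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO endpoints (hostname, owner) VALUES (?, ?)",
        [("ws-01", "alice"), ("ws-02", "bob"), ("srv-01", "svc")],
    )
    # A second table the lookup was never meant to expose.
    conn.execute("CREATE TABLE admins (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'sha256$deadbeef')")
    return conn


def lookup_vulnerable(conn, owner):
    """CWE-89: the caller-supplied value is spliced into the SQL text.

    The quote character in the input is not neutralized, so the input can
    close the string literal and append SQL of its own.
    """
    sql = f"SELECT hostname FROM endpoints WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, owner):
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT hostname FROM endpoints WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


# Two classic payloads: a tautology that widens the WHERE clause, and a UNION
# that reads a column from an unrelated table. `--` comments out the trailing quote.
TAUTOLOGY = "' OR '1'='1"
UNION_READ = "x' UNION SELECT password_hash FROM admins --"


def demo():
    """Return {payload name: (vulnerable result, parameterized result)}."""
    conn = make_db()
    results = {}
    for name, payload in (("tautology", TAUTOLOGY), ("union", UNION_READ)):
        results[name] = (lookup_vulnerable(conn, payload), lookup_safe(conn, payload))
    return results


if __name__ == "__main__":
    for name, (vuln, safe) in demo().items():
        print(f"{name:10s} vulnerable -> {vuln}   parameterized -> {safe}")
```

The parameterized form returns nothing for both payloads because the whole input is compared as a literal owner name; the formatted form returns every endpoint for the tautology and the admin hash for the UNION payload. The fix for any CWE-89 finding is the same shape regardless of product: bind values, never concatenate them into SQL text.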

Affected Systems

The flaw affects Fortinet FortiClientEMS across multiple major releases: 7.4.0 through 7.4.5, 7.2.0 through 7.2.12, and every release of the 7.0 line. The CPE entries on the record list 7.4.0, 7.4.1, 7.4.3 and 7.4.4 individually; 7.4.2 and 7.4.5 fall inside the range given in the description and are covered by the wildcard product CPE added later. Administrators should check whether any EMS instance runs one of these versions.

Risk and Exploitability

The CVSS 3.1 score is 6.2 (medium). The published vector is AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H with temporal metrics E:F/RL:O/RC:C, so 6.2 is the temporal score; the base metrics alone compute to 6.7. The medium rating comes entirely from the exploitability side: Attack Vector Local and Privileges Required High. The impact side is total (C:H/I:H/A:H, matching the SSVC 'Technical Impact: total'). The EPSS score is below 1% (very low), the vulnerability is not in CISA's KEV catalog, and the SSVC assessment records 'Exploitation: none' and 'Automatable: no'. The description says only 'via sending crafted requests' and does not name the interface; taken together with the local, high-privilege vector, the record as published does not support unauthenticated remote exploitation, and the 'Remote Code Execution' label above should be read against that vector. Patching remains a priority because a successful injection gives total impact on the EMS host.

Generated by OpenCVE AI on April 14, 2026 at 20:47 UTC.

Remediation

Vendor Solution

Upgrade to FortiClientEMS version 7.4.6 or above
Upgrade to FortiClientEMS version 7.4.5 or above
Upgrade to FortiClientEMS version 7.2.13 or above

Note: 7.4.5 sits inside the affected 7.4.0 through 7.4.5 range given in the description; 7.4.6 is the first 7.4 release consistent with that range. No fixed release is listed for the 7.0 line.


OpenCVE Recommended Actions

  • Check your FortiClientEMS current version.
  • If the version is 7.4.0–7.4.5, upgrade to 7.4.6 or newer.
  • If the version is 7.2.0–7.2.12, upgrade to 7.2.13 or newer.
  • If using 7.0.x, which is affected in all versions and has no fixed 7.0 release in the vendor solution, migrate to 7.2.13 or 7.4.6 (or newer).
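The four steps above reduce to a comparison of a dotted version against the ranges on this record. Here is an added triage helper (example code, not an OpenCVE or Fortinet tool) that encodes those ranges and classifies an inventory of version strings; the version strings must be read from the EMS console or asset inventory by the operator, and the sample inventory in the block is constructed.

```python
"""Version triage for CVE-2026-39809 against the affected ranges on this page.

Added helper, not an OpenCVE or Fortinet tool. Ranges and fixed releases come
from the record: 7.4.0-7.4.5 -> 7.4.6, 7.2.0-7.2.12 -> 7.2.13, and every 7.0
release affected with no fixed 7.0 release listed. Sample inputs are constructed.
"""
import re

# (branch, first affected, last affected, fixed release). last None = whole branch.
AFFECTED_RANGES = [
    ((7, 4), (7, 4, 0), (7, 4, 5), "7.4.6"),
    ((7, 2), (7, 2, 0), (7, 2, 12), "7.2.13"),
    ((7, 0), (7, 0, 0), None, None),
]

# Fixed releases to move to when the running branch has no fix of its own.
MIGRATION_TARGETS = ["7.2.13", "7.4.6"]


def parse_version(text):
    """Turn '7.4.3' (or '7.4') into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"not a dotted version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def triage(version_text):
    """Classify one FortiClientEMS version.

    status: 'affected' | 'fixed' | 'not listed'
    action: the upgrade target, the migration targets for 7.0, or None
    'not listed' means the branch does not appear on the record at all (for
    example a 7.6.x or 6.x build); it is not a statement that it is safe.
    """
    v = parse_version(version_text)
    result = {"version": version_text.strip(), "status": "not listed", "action": None}
    for branch, first, last, fixed in AFFECTED_RANGES:
        if v[:2] != branch:
            continue
        if last is None:  # whole branch affected and no fix in that branch
            result.update(status="affected",
                          action=f"migrate to {' or '.join(MIGRATION_TARGETS)}")
        elif first <= v <= last:
            result.update(status="affected", action=f"upgrade to {fixed} or later")
        elif v > last:
            result.update(status="fixed")
        break
    return result


def triage_inventory(versions):
    """Run triage over an inventory and return only the entries needing action."""
    return [r for r in (triage(v) for v in versions) if r["status"] == "affected"]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for entry in triage_inventory(["7.4.3", "7.4.6", "7.2.12", "7.0.11", "7.6.1"]):
        print(entry)
```

The distinction between 'fixed' and 'not listed' matters in practice: a 7.6.x build is absent from this record, which is not the same as the vendor stating it is unaffected, so such entries should be checked against the vendor advisory rather than silently dropped from the patch list.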



Advisories

No advisories yet.

History

Tue, 21 Apr 2026 17:15:00 +0000

CPEs (added): cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*

Wed, 15 Apr 2026 15:45:00 +0000

Title (added): SQL Injection in Fortinet FortiClientEMS Enabling Unauthorized Code Execution

Tue, 14 Apr 2026 18:00:00 +0000

Description (removed): A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Description (added): A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests

Tue, 14 Apr 2026 16:15:00 +0000

Metrics (added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 15:45:00 +0000

Description (added): A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
First Time appeared (added): Fortinet; Fortinet forticlientems
Weaknesses (added): CWE-89
CPEs (added):
  cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*
Vendors & Products (added): Fortinet; Fortinet forticlientems
References (added): (none)
Metrics (added): cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-15T03:58:18.867Z

Reserved: 2026-04-07T15:24:05.925Z

Link: CVE-2026-39809

Vulnrichment

Updated: 2026-04-14T15:48:35.917Z

NVD

Status : Analyzed

Published: 2026-04-14T16:16:45.017

Modified: 2026-04-21T17:02:54.133

Link: CVE-2026-39809

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:30:06Z

Weaknesses