**Critical Fortinet FortiClientEMS Flaw Allows Remote Code Execution**
Fortinet has issued an urgent advisory to address a critical vulnerability in its FortiClientEMS product, which allows remote attackers to execute malicious code without logging in. The flaw, tracked as CVE-2026-21643 with a CVSS score of 9.1, is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue.
The vulnerability, identified by Fortinet's internal security team led by Gwendal Guégniaud, enables an unauthenticated attacker to trigger the flaw and execute unauthorized code or commands via specifically crafted HTTP requests. This could give attackers an initial foothold in the target network, enabling lateral movement or malware deployment.
The advisory warns that a successful attack could have severe consequences for organizations using FortiClientEMS. "An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests," the advisory reads.
The vulnerability was discovered internally by Fortinet's Product Security team and reported immediately, but it is not clear whether the flaw is currently being actively exploited in the wild. The company has provided instructions on how to mitigate the issue, which include applying the recommended patches or configuration changes.
FortiClientEMS is a cloud-based endpoint management system designed to provide secure access to remote networks and devices. The vulnerability highlights the importance of regular security updates and maintenance for critical systems like FortiClientEMS.
The discovery of this vulnerability serves as a reminder for organizations to stay vigilant and proactive in their cybersecurity efforts, especially when it comes to patching and updating critical infrastructure.