Fortinet Patches Critical SQL Injection Flaw in FortiClientEMS Enabling Unauthenticated Code Execution

Fortinet has released an urgent security update to fix a critical SQL injection vulnerability (CVE-2026-21643) affecting its FortiClientEMS product. The flaw could allow a remote, unauthenticated attacker to execute unauthorized code or commands on vulnerable servers by sending crafted HTTP requests to the administrative interface. According to FortiGuard Labs, the underlying issue is an improper […] The post Fortinet Patches Critical SQL Injection Flaw in FortiClientEMS Enabling Unauthenticated Code Execution appeared first on VPN Central.