Critical FortiClient EMS flaw lets attackers reach the database without logging in

A critical vulnerability in Fortinet FortiClient Endpoint Management Server (EMS) can let an unauthenticated attacker send crafted HTTP requests and execute unauthorized code or commands. The issue is tracked as CVE-2026-21643, and Fortinet says it affects FortiClient EMS 7.4.4, with 7.4.5 or later fixing the problem. The risk is highest for organizations running FortiClient EMS […] The post Critical FortiClient EMS flaw lets attackers reach the database without logging in appeared first on VPN Central.