Critical FortiClient EMS flaw is under active attack, and exposed servers need patching now

A critical Fortinet FortiClient EMS vulnerability is now being exploited in the wild. Fortinet’s own advisory says CVE-2026-21643 is an unauthenticated SQL injection flaw in the FortiClient EMS administrative interface, and the company rates it Critical with a CVSS score of 9.1. The bug affects FortiClient EMS 7.4.4 and allows an unauthenticated attacker to execute […] The post Critical FortiClient EMS flaw is under active attack, and exposed servers need patching now appeared first on VPN Central.