Critical Fortinet FortiClient EMS Vulnerability Exploited in Attacks

Post Views: 7

Critical Fortinet FortiClient EMS Flaw Now Exploited in Attacks

A critical vulnerability in Fortinet’s FortiClient EMS platform has been found to be exploited in real-world attacks, according to threat intelligence firm Defuse.

SQL Injection Bug Affects Version 7.4.4

The vulnerability, tracked as CVE-2026-21643, is a SQL injection bug that enables unauthenticated attackers to execute arbitrary code or commands on unpatched systems through low-complexity attacks against the FortiClient EMS GUI (web interface).

According to Defuse, “we have observed exploitation attempts against this vulnerability as early as four days ago.”

Nearly 1,000 instances of FortiClient EMS are publicly exposed, leaving them vulnerable to potential attacks, as indicated by Shodan data.

Importance of Regular Software Updates and Patch Management

This incident serves as a reminder of the importance of regular software updates and patch management. Organizations relying on FortiClient EMS should prioritize upgrading to the latest version and ensuring that their systems are properly configured to prevent unauthorized access.

Fortinet’s FortiClient EMS is often targeted by attackers due to its widespread adoption in corporate networks.

In related news, the US Cybersecurity and Infrastructure Security Agency (CISA) has flagged multiple vulnerabilities in various products as actively exploited, including those in Citrix and BeyondTrust.

Staying Vigilant Against Potential Threats

Organizations should remain aware of the latest threats and vulnerabilities affecting their software and infrastructure, and take proactive steps to protect themselves against potential attacks.