Fortinet has released their identification of a critical security vulnerability, which they have closed in FortiClientEMS version 7.4.4. Unfortunately, this flaw has a Common Vulnerability Scoring System (CVSS) rating of 9.1 out of a possible 10.0. This high score further underscores its seriousness and it highly endangers the users. Under CVE-2023-31047, unauthenticated attackers now have the ability to execute unauthorized code/commands. They can achieve this via carefully constructed HTTP requests — a serious risk to system integrity.
Gwendal Guégniaud, member of the Fortinet Product Security team, is credited with discovery and responsible disclosure of this critical vulnerability. Fortinet has since removed this security risk after this disturbing find. They recommend users of FortiClient EMS 7.4.4 move to version 7.4.5 or above as soon as possible to mitigate the risks.
Details of the Vulnerability
CVE-2026-21643, SQL Injection Vulnerability It is the result of not correctly sanitizing or escaping special character sequences embedded in SQL statements (CWE-89). Download Attackers could exploit this vulnerability to execute commands in the impacted application without authorization. This could spell apocalyptic doom for those affected systems.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests,” – Fortinet.
The impact of this vulnerability could be huge, especially for organizations that trust FortiClientEMS to manage and secure all their endpoints. Attackers may be able to exploit this vulnerability in order to gain access to sensitive information or interrupt service.
Affected and Unaffected Versions
FortiClientEMS version 7.4.4 is directly impacted by CVE-2026-21643. Users need to register now to protect their networks! Customers using FortiClientEMS versions 7.2 and 8.0 need not worry. This is great news, because it means their systems are safe from this particular vulnerability. As evidenced by the differing versions, these changes underscore the need for all security software to be regularly updated to defend against a rapidly changing and evolving threat landscape.
Similar to its response to this vulnerability, Fortinet has long promoted the importance of swift patching in all of its external messaging. This could cause some serious issues, and so we highly recommend all users upgrade to 7.4.5 or greater. This release contains important security patches to resolve the SQL injection vulnerability.
Recommendations for Users
This new finding makes it imperative for users to do something about it. Take account of your existing FortiClientEMS versions today and ensure you’re on supported releases. Upgrading is the best way to protect against CVE-2026-21643 and makes the entire system more secure by integrating other recent updates and improvements.
We encourage all organizations to make version checking and version prioritizing a part of their software management practices and general cybersecurity hygiene. By implementing these forward-looking measures, they can go a long way toward minimizing their risk from vulnerabilities such as CVE-2026-21643.