CVE-2026-21643

216.73.216.233

· Published 06/02/2026 09:15 · Modified 06/02/2026 15:14

Labels: CVE-2026-21643 2026-02-06 CVE-2026-21643 CWE-89 [email protected]

Essential information

Published: 06/02/2026 09:15
Modified: 06/02/2026 15:14
Author: —
Creator: —
CVSS: 9.8 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
fortinet / forticlientems	`cpe:2.3:a:fortinet:forticlientems:7.4.4:::::::*`