A critical vulnerability in Fortinet's FortiClient EMS platform, identified as CVE-2026-21643, is being actively exploited by attackers to achieve remote code execution via SQL injection, posing a significant threat to affected systems. The flaw, which carries a CVSS score of 9.1, has been targeted by threat actors despite its current status on CISA's Known Exploited Vulnerabilities list as not exploited1. Researchers warn that the vulnerability is now being leveraged for malicious purposes, highlighting the need for immediate attention and patching. The exploitation of this vulnerability underscores the importance of timely remediation, as the status of CVE-2026-21643 on CISA's list determines whether it is a patch-now or monitor situation. This vulnerability matters to security practitioners because it necessitates prompt action to prevent potential breaches and protect sensitive data.
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution
⚠️ Critical Alert
Why This Matters
CVE-2026-21643 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, March 30). Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution. *SecurityAffairs*. https://securityaffairs.com/190158/security/critical-fortinet-forticlient-ems-flaw-exploited-for-remote-code-execution.html
Original Source
SecurityAffairs
Read original →