Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access

A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4 when multi-tenant mode is active. The root cause stems […]

The post Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access appeared first on Cyber Security News.