[Security Vulnerability Alert] FortiClient EMS contains high-risk security vulnerabilities (CVE-2026-21643 and CVE-2026-35616). Please confirm and patch them as soon as possible.

 
2026/4/13 ~ 2026/10/13
View Count:51

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202604-00000002

[Content Description]
Researchers have discovered two vulnerabilities in FortiClient EMS: an SQL Injection vulnerability (CVE-2026-21643) and an Improper Access Control vulnerability (CVE-2026-35616). Both vulnerabilities could allow unauthenticated remote attackers to execute arbitrary code.
These vulnerabilities have already been exploited by hackers. Please confirm and patch them as soon as possible.

[Affected Platforms]
FortiClient EMS versions 7.4.x to 7.4.6

[Recommended Actions]
Update FortiClient EMS from version 7.4.x to version 7.4.7 or later.

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-21643
2. https://nvd.nist.gov/vuln/detail/CVE-2026-35616
3. https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
4. https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Files
None
【Back】
Top↑