【資安漏洞預警】FortiClient EMS存在高風險安全漏洞(CVE-2026-21643與CVE-2026-35616),請儘速確認並進行修補
[Security Vulnerability Alert] FortiClient EMS contains high-risk security vulnerabilities (CVE-2026-21643 and CVE-2026-35616). Please confirm and patch them as soon as possible.

發布單位:圖資處數位服務組
日期範圍:2026/4/13 ~ 2026/10/13
 
發布單位:圖資處數位服務組
日期範圍:2026/4/13 ~ 2026/10/13
行政 行政公告
全體

轉發 國家資安資訊分享與分析中心 資安訊息警訊 NISAC-200-202604-00000002

[內容說明]
研究人員發現FortiClient EMS存在SQL注入(SQL Injection)漏洞(CVE-2026-21643)與不當存取控制(Improper Access Control)漏洞(CVE-2026-35616),兩者皆可使未經身分鑑別之遠端攻擊者執行任意程式碼。
漏洞皆已遭到駭客利用,請儘速確認並進行修補。

[影響平台]
FortiClient EMS 7.4.x至7.4.6版本

[建議措施]
更新FortiClient EMS 7.4.x版本至7.4.7(含)以上版本

[參考資料]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-21643
2. https://nvd.nist.gov/vuln/detail/CVE-2026-35616
3. https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
4. https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202604-00000002

[Content Description]
Researchers have discovered two vulnerabilities in FortiClient EMS: an SQL Injection vulnerability (CVE-2026-21643) and an Improper Access Control vulnerability (CVE-2026-35616). Both vulnerabilities could allow unauthenticated remote attackers to execute arbitrary code.
These vulnerabilities have already been exploited by hackers. Please confirm and patch them as soon as possible.

[Affected Platforms]
FortiClient EMS versions 7.4.x to 7.4.6

[Recommended Actions]
Update FortiClient EMS from version 7.4.x to version 7.4.7 or later.

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-21643
2. https://nvd.nist.gov/vuln/detail/CVE-2026-35616
3. https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
4. https://fortiguard.fortinet.com/psirt/FG-IR-26-099


相關附件
【返回上頁】
Top↑