Imagine your network security hanging by a thread, vulnerable to attackers who could sneak in and execute malicious code without ever needing a password. That's the chilling reality Fortinet users faced until recently. Fortinet, a leading cybersecurity company, has just patched a critical SQL injection (SQLi) vulnerability in its FortiClientEMS software, designated CVE-2026-21643. This flaw, with a staggering CVSS severity score of 9.1 out of 10, could allow unauthenticated attackers to execute arbitrary code on affected systems simply by sending specially crafted HTTP requests.
But here's where it gets controversial: while Fortinet hasn't confirmed active exploitation, the potential for damage is immense. SQL injection attacks are notoriously powerful, allowing attackers to steal sensitive data, modify databases, or even take complete control of compromised systems.
And this is the part most people miss: this isn't an isolated incident. Just recently, Fortinet addressed another critical vulnerability (CVE-2026-24858) in multiple products, including FortiOS and FortiManager, which allowed attackers to bypass FortiCloud SSO authentication and access devices registered to other accounts. This flaw was actively exploited, with attackers creating local admin accounts, granting themselves VPN access, and stealing firewall configurations.
The CVE-2026-21643 vulnerability specifically affects FortiClientEMS versions 7.4.4 and below, with versions 7.2 and 8.0 remaining unaffected. Users are strongly urged to update to version 7.4.5 or later immediately.
Kudos to Gwendal Guégniaud from Fortinet's Product Security team for discovering and reporting this critical flaw.
While Fortinet's swift action is commendable, these back-to-back critical vulnerabilities raise questions about the overall security posture of their products. Is Fortinet doing enough to proactively identify and address these high-risk flaws before they fall into the wrong hands?
What do you think? Are you a Fortinet user? How concerned are you about these recent vulnerabilities? Let us know in the comments below.
Stay informed about the latest cybersecurity threats and vulnerabilities by following us on Google News [https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ], Twitter [https://twitter.com/thehackersnews], and LinkedIn [https://www.linkedin.com/company/thehackernews/].
