Description:
Fortinet released a security advisory to address a vulnerability in Fortinet FortiClientEMS. An attacker could exploit this vulnerability by sending specially crafted requests to an affected system.
Reports indicated that proof-of-concept (PoC) exploit code is available for the remote code execution vulnerability (CVE-2026-21643), which is at high risk of exploitation. Users are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- FortiClientEMS version 7.4.4
For detailed information on the affected products, please refer to the ‘Affected Products’ section of the corresponding security advisory on the vendor's website.
Impact:
Successful exploitation of the vulnerability could lead to remote code execution on an affected system.
Recommendation:
Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.
More Information:
- https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21643