Imagine your network security hanging by a thread, vulnerable to attackers who could sneak in and execute malicious code without ever needing a password. That's the chilling reality Fortinet users faced until recently. Fortinet, a leading cybersecurity company, has just patched a critical SQL injection (SQLi) vulnerability in its FortiClientEMS software, designated CVE-2026-21643. This flaw, with a staggering CVSS severity score of 9.1 out of 10, could allow unauthenticated attackers to execute arbitrary code on affected systems simply by crafting malicious HTTP requests.
But here's where it gets controversial: while Fortinet hasn't confirmed active exploitation, the company recently acknowledged that another critical flaw (CVE-2026-24858) in its FortiOS, FortiManager, and other products was actively exploited by attackers. This raises the question: could CVE-2026-21643 have been silently exploited as well?
And this is the part most people miss: SQL injection vulnerabilities, like CVE-2026-21643, are among the oldest and most dangerous web application flaws. Despite being well-documented, they continue to plague systems due to oversight or inadequate input validation. Fortinet's advisory explains that the issue stems from improper neutralization of special elements in SQL commands, a classic SQLi scenario (CWE-89).
The affected versions include:
- FortiClientEMS 7.4.4 (upgrade to 7.4.5 or later)
- FortiClientEMS 7.2 and 8.0 (not affected)
Kudos to Gwendal Guégniaud from Fortinet’s Product Security team for discovering and reporting this flaw. While Fortinet hasn’t reported exploitation in the wild, the urgency to patch cannot be overstated. Cybercriminals are quick to exploit such vulnerabilities, and delaying updates could leave your systems exposed.
This development comes on the heels of Fortinet addressing another critical flaw (CVE-2026-24858) that allowed attackers with FortiCloud accounts to access devices registered to other accounts. Alarmingly, Fortinet confirmed that this flaw was actively exploited to create rogue admin accounts, modify configurations, and exfiltrate sensitive firewall data.
Here’s the takeaway: Cybersecurity is a relentless game of cat and mouse. While Fortinet’s swift response is commendable, it underscores the importance of proactive patch management. Don’t wait for exploitation reports—stay ahead by updating your systems immediately.
What’s your take? Do you think Fortinet could have done more to prevent these vulnerabilities? Or is the onus on users to stay vigilant? Let us know in the comments below!
Found this article eye-opening? Stay informed by following us on Google News, Twitter, and LinkedIn for more exclusive cybersecurity insights.
