CVE-2026-21643
CRITICAL KEV NUCLEI
Fortinet FortiClientEMS <7.4.4 - SQL Injection
Title source: llm
Description
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Exploits (2)
Nuclei Templates (1)
Fortinet FortiClientEMS 7.4.4 - SQL Injection
CRITICAL by ritikchaddha
Shodan:
http.favicon.hash:-800551065
FOFA:
icon_hash="-800551065"
References (3)
Scores
CVSS v3
9.8
EPSS
0.4314
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2026-04-13
VulnCheck KEV
2026-03-28
ENISA EUVD
EUVD-2026-5681
CWE
CWE-89
Status
published
Products (3)
fortinet/forticlientems
7.4.4
fortinet/forticlientems
7.4.0 - 7.4.5
Fortinet/FortiClientEMS
7.4.4
Published
Feb 06, 2026
KEV Added
Apr 13, 2026
Tracked Since
Feb 18, 2026