CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fortinet: >> Forticlientems >> 7.4.4 Security Vulnerabilities

CVE-2026-21643

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS Score

9.8

EPSS Score

0.0

Published

2026-02-06

CVE-2025-59922

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

CVSS Score

7.2

EPSS Score

0.001

Published

2026-01-13

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Forticlientems >> 7.4.4 Security Vulnerabilities

Products

Pricing

Contact Us