← Browse CVEs
CVE-2026-21643
Critical · CVSS 9.8EPSS 94.1%CISA KEVCWE-89 · SQL Injection
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
References
Published
Community ground truth
Community verdict
3 verdictsNot a real issue
to add your verdict.
Community real-world severity: Critical (Critical 3) — CVSS base score 9.8
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
No notes yet — be the first to share what you saw or a fix that worked.