Date Posted: 2026/02/13
[Vulnerability Alert] Critical Security Vulnerability Found in FortiClientEMS (CVE-2026-21643)
- Content Description:
- Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): Security Alert TWCERTCC-200-202602-00000007
- FortiClientEMS is an endpoint management server by Fortinet, used for centrally managing FortiClient agents, supporting endpoint deployment, configuration, and monitoring.
- A critical security vulnerability advisory (CVE-2026-21643, CVSS: 9.8) was recently released. This is a SQL injection vulnerability that may allow unauthenticated attackers to execute unauthorized code or commands via specially crafted HTTP requests.
- Impacted Platforms:
- FortiClientEMS 7.4.4 and earlier versions
- Suggested Measures:
- Update to FortiClientEMS 7.4.5 or later.
- References:
Computer and Communication Center
Network Systems Division