Date Posted: 2026/04/09

[Vulnerability Alert] High-Risk Security Vulnerabilities Found in FortiClient EMS (CVE-2026-21643 and CVE-2026-35616), Please Confirm and Patch Immediately

Subject Explanation: [Vulnerability Alert] High-Risk Security Vulnerabilities Found in FortiClient EMS (CVE-2026-21643 and CVE-2026-35616), Please Confirm and Patch Immediately

Content Description:
- Forwarding National Information Security Analysis and Sharing Center (NISAC) Alert NISAC-200-202604-00000002
- Researchers have discovered an SQL Injection vulnerability (CVE-2026-21643) and an Improper Access Control vulnerability (CVE-2026-35616) in FortiClient EMS. Both vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code.
- Both vulnerabilities have already been exploited by hackers; please confirm and patch immediately.
Impacted Platforms:
- FortiClient EMS versions 7.4.x to 7.4.6
Suggested Measures:
- Please update FortiClient EMS 7.4.x versions to version 7.4.7 and later versions
References:

Computer and Communication Center
Network Systems Division