CP
cyberpings
VulnerabilitiesHIGH

Fortinet Vulnerability - Critical SQL Injection Exploited

Featured image for Fortinet Vulnerability - Critical SQL Injection Exploited
CSCSO Online
CVE-2026-21643FortinetSQL InjectionFortiClient EMSRemote Code Execution
🎯

Basically, hackers found a way to break into Fortinet's system without a password.

Quick Summary

Fortinet is under siege as a critical SQL injection vulnerability is actively exploited. Thousands of systems are at risk, allowing attackers to access sensitive data. Immediate patching is essential to safeguard against this threat.

What Happened

Fortinet has been hit again by a critical security flaw, this time involving a SQL injection vulnerability in its FortiClient Endpoint Management Server (EMS). This vulnerability, identified as CVE-2026-21643, allows unauthenticated attackers to execute arbitrary code on unpatched systems through specially-crafted HTTP requests. The flaw was discovered by Fortinet's security team and has been actively exploited, with reports indicating that it was being abused just days ago.

The vulnerability affects FortiClient EMS version 7.4.4 when multi-tenant mode is enabled, leaving thousands of internet-facing systems at risk. Security experts emphasize the urgency of patching this flaw by upgrading to version 7.4.5 or later to prevent potential exploitation.

Who's Affected

The impact of this vulnerability is extensive, as Fortinet serves over 900,000 customers worldwide. The Shadowserver Foundation has reported tracking more than 2,400 FortiClient EMS instances exposed to the internet, primarily in the U.S. and Europe. Additionally, Shodan has identified around 1,000 publicly-exposed instances of FortiClient EMS.

Organizations using FortiClient EMS are particularly vulnerable, especially those that have not implemented the necessary security measures. The lack of lockout protections and the ability to execute arbitrary SQL commands make these systems prime targets for attackers.

What Data Was Exposed

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to admin credentials, endpoint inventory data, security policies, and certificates for managed endpoints. Attackers can execute commands without needing any credentials, which significantly lowers the barrier for entry.

The nature of SQL injection attacks means that a single crafted HTTP request can lead to data exfiltration and remote code execution. This situation is exacerbated by the fact that many existing security controls fail to detect such flaws, allowing attackers to move laterally within the network and extract sensitive information.

What You Should Do

Organizations must take immediate action to protect their systems. Here are some recommended steps:

  • Patch FortiClient EMS to version 7.4.5 or later to close the vulnerability.
  • Inspect HTTP traffic logs for any anomalous SQL syntax that may indicate an ongoing attack.
  • Remove direct internet exposure of FortiClient EMS and place it behind a secure access gateway.
  • Implement a zero-trust architecture to minimize the risk of unauthorized access.

Fortinet's ongoing vulnerabilities highlight the need for more proactive security measures. As attackers continue to exploit weaknesses, organizations must remain vigilant and responsive to emerging threats.

🔒 Pro insight: The repeated SQL vulnerabilities in Fortinet products suggest a systemic issue in their codebase, necessitating a thorough security review and proactive measures.

Original article from

CSCSO Online
Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Fortinet FortiClient EMS - Critical Flaw Allows Remote Code Execution

A critical vulnerability in Fortinet's FortiClient EMS is being exploited, allowing remote code execution via SQL injection. Organizations must act quickly to protect their systems.

Security Affairs·
HIGHVulnerabilities

F5 BIG-IP APM DoS Bug Exploited as Remote Code Execution

A critical flaw in F5 BIG-IP has been reclassified, allowing remote code execution. Organizations must patch immediately to prevent exploitation. This change highlights the need for vigilance in vulnerability management.

SC Media·
HIGHVulnerabilities

Fortinet BIG-IP Vulnerability - Reclassified as RCE Threat

A flaw in Fortinet's BIG-IP software has been reclassified as a remote code execution threat. This raises the stakes for organizations using this software, as attackers could gain control of their systems. Immediate action is needed to protect against potential exploitation.

Dark Reading·
HIGHVulnerabilities

OpenAI Patches ChatGPT Flaw Allowing Data Smuggling via DNS

OpenAI has patched a vulnerability in ChatGPT that allowed data to be smuggled through DNS. This flaw posed risks for sensitive data in regulated industries. Organizations must ensure their AI systems are secure to prevent potential breaches.

The Register Security·
CRITICALVulnerabilities

Citrix NetScaler - Critical Memory Flaw Under Attack

A critical vulnerability in Citrix NetScaler is being actively exploited, risking sensitive data exposure. Administrators must act quickly to secure their systems against this threat.

BleepingComputer·
HIGHVulnerabilities

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex Vulnerability

OpenAI has patched a critical vulnerability in ChatGPT that allowed data exfiltration without user consent. This flaw posed serious risks to user privacy and security. Organizations must enhance their security measures to protect sensitive information in AI environments.

The Hacker News·