
CVE-2026-21643: Critical SQL Injection in FortiClientEMS

On 6 February 2026, Fortinet released fixes for a critical vulnerability in FortiClientEMS, tracked as CVE-2026-21643.

On 6 February 2026, Fortinet released fixes for a critical vulnerability in FortiClientEMS, tracked as CVE-2026-21643. The flaw arises from improper neutralisation of special elements used in SQL commands in the FortiClientEMS GUI (web interface) and can allow an unauthenticated remote threat actor to execute unauthorised code or commands.

At the time of this writing, CVE-2026-21643 has not been observed being exploited in the wild, and Arctic Wolf has not identified a publicly available proof-of-concept. Due to the level of access this vulnerability provides, threat actors may attempt to reverse engineer the patches, especially since Fortinet products have been heavily targeted in the past, as indicated by CISA's Known Exploited Vulnerabilities Catalog.

Recommendation for CVE-2026-21643

Apply Fixes

Arctic Wolf strongly recommends that customers apply the fix.

Product          Affected Version   Fixed Version
FortiClientEMS   7.4.4              7.4.5


Note: FortiClientEMS versions 7.2 and 8.0 are unaffected by this vulnerability.

Please follow your organisation's patching and testing guidelines to minimise potential operational impact.
