On February 6, 2026, Fortinet released??for a critical vulnerability in?FortiClientEMS, tracked as CVE-2026-21643. The flaw arises from improper neutralization of special elements used in SQL commands in the?FortiClientEMS?GUI (web interface) that can allow an?unauthenticated?remote threat actor to execute unauthorized code or commands.?
At the time of this writing, CVE?2026?21643 has not been?observed?being exploited in the wild, and Arctic Wolf has not?identified?a publicly available proof-of-concept. Due to the level of access this vulnerability provides, threat actors may?attempt?to reverse engineer the patches, especially since Fortinet products have been heavily targeted in the past, as?indicated?by CISA¡¯s Known Exploited Vulnerabilities Catalog.?
Recommendation for CVE-2026-21643
Apply Fixes
Arctic Wolf strongly recommends that customers apply the fix.?
| Product? | Affected Version? | Fixed Version? |
| FortiClientEMS? | 7.4.4? | 7.4.5? |
Note:?FortiClientEMS?versions 7.2 and 8.0 are unaffected by this vulnerability.?
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.?
