Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in FortiClientEMS

11 February 2026

Fortinet has released security updates to address a critical SQL injection vulnerability in FortiClientEMS. Users and administrators of affected versions are advised to update to the latest version immediately.

Background

Fortinet has released security updates to address a critical vulnerability (CVE-2026-21643) affecting FortiClientEMS. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.

Impact

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute unauthorised code or commands via specifically crafted HTTP requests. This can lead to a complete system compromise, enabling the attacker to gain control over the underlying server and manipulate system data.

Affected Products

The vulnerability affects FortiClientEMS version 7.4.4.

Mitigation

Users and administrators of affected products are advised to update to the latest version immediately.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

https://nvd.nist.gov/vuln/detail/CVE-2026-21643

https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html

Back to top