Fortinet FortiClientEMS security update for CVE-2026-21643

Security Patch Release
H score 55
2 unique sources, 2 articles

Summary

Fortinet released security updates for FortiClientEMS to fix CVE-2026-21643, a critical SQL injection flaw that could let an unauthenticated attacker execute arbitrary code or commands. The issue carries a CVSS 9.1 score and affects FortiClientEMS 7.4.4, which should be upgraded to 7.4.5 or above. Fortinet says 7.2 and 8.0 are not affected.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

CISA KEV listing and FCEB patch order for CVE-2026-35616

Public Sector Action
First: 06.04.2026 19:02 Last: 06.04.2026 19:02 Sources 1

About this happening: **CISA** added **CVE-2026-35616** to the **KEV Catalog** and ordered **FCEB agencies** to patch **FortiClient EMS** by **Thursday midnight, April 9**. The mandate matters because...

Timeline

  1. 10.02.2026 06:38 3 articles · 3mo ago

    Fortinet releases FortiClientEMS security update for CVE-2026-21643

    Mitigation Patch Update

    Fortinet released security updates for FortiClientEMS to fix CVE-2026-21643, a critical SQL injection vulnerability with CVSS 9.1 that could let an unauthenticated attacker execute unauthorized code or commands via specifically crafted HTTP requests. FortiClientEMS 7.4.4 should be upgraded to 7.4.5 or above, while FortiClientEMS 7.2 and FortiClientEMS 8.0 are not affected.
