Fortinet Issues Urgent Patches for Critical Vulnerabilities: Immediate Action Required
Fortinet, a global leader in cybersecurity solutions, has released critical security updates addressing two severe vulnerabilities that demand immediate attention from users. These flaws, one impacting FortiClientEMS and another affecting a range of FortiOS-based products, present significant risks, including unauthenticated code execution and active exploitation leading to administrative control.
Critical SQL Injection Flaw in FortiClientEMS (CVE-2026-21643)
The first major vulnerability, tracked as
CVE-2026-21643, targets FortiClientEMS and carries a high CVSS rating of 9.1 out of 10.0. This flaw is an “improper neutralization of special elements used in an SQL Command (‘SQL Injection’) [CWE-89],” as detailed in Fortinet’s official advisory. The critical implication is that an unauthenticated attacker could potentially execute arbitrary code or commands on vulnerable systems by crafting specific HTTP requests.
While Fortinet has not yet reported active exploitation of this particular vulnerability in the wild, its severity necessitates prompt action. Users of FortiClientEMS 7.4.4 are strongly advised to upgrade to version 7.4.5 or higher. FortiClientEMS versions 7.2 and 8.0 are confirmed to be unaffected. Gwendal Guégniaud of the Fortinet Product Security team has been credited with the discovery and responsible disclosure of this flaw.
Actively Exploited SSO Bypass in FortiOS and Related Products (CVE-2026-24858)
Adding to the urgency, Fortinet has also addressed another critical vulnerability, CVE-2026-24858, boasting an even higher CVSS score of 9.4. This flaw impacts a broader spectrum of Fortinet products, including FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. The vulnerability allows an attacker with a FortiCloud account and a registered device to bypass FortiCloud SSO authentication, gaining unauthorized access to other devices registered to different accounts, provided those devices have FortiCloud SSO authentication enabled.
Alarmingly, Fortinet has confirmed that this SSO bypass vulnerability is actively being exploited by malicious actors. Threat actors are leveraging this flaw to create local administrator accounts for persistence, implement configuration changes to grant themselves VPN access, and exfiltrate sensitive firewall configurations. The confirmed active exploitation makes patching this vulnerability an absolute top priority for all affected organizations.
The Imperative of Immediate Patching
The rapid discovery and subsequent patching of these critical vulnerabilities underscore the dynamic and relentless nature of the cybersecurity threat landscape. For both CVE-2026-21643 and CVE-2026-24858, Fortinet’s message is unequivocal: apply the security updates without delay. Proactive and timely patching remains the most effective defense against sophisticated threats that can compromise system integrity, data confidentiality, and operational continuity.
Stay informed on the latest cybersecurity threats and solutions by following our updates on Google News, Twitter, and LinkedIn.
For more details, visit our website.
Source: Link
Leave a comment