CVE-2026-21643

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-21643

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21643.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-21643

Published

2026-02-06T09:15:49.330Z

Modified

2026-03-13T03:56:11.747026Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21643.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "7.4.0"
            },
            {
                "fixed": "7.4.5"
            }
        ]
    }
]