Source: Ministry of Education Information & Communication Security Contingency Platform
| Publication Number | TACERT-ANA-2026040901044242 | Publication Time | 2026/04/09 13:16 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/04/09 13:16 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】 FortiClient EMS Contains High-Risk Security Vulnerabilities (CVE-2026-21643 and CVE-2026-35616); Please Confirm and Apply the Patch as Soon as Possible |
|||
| [Content] Forwarded from the National Institute of Cyber Security, NISAC-200-202604-00000002. Researchers have discovered that FortiClient EMS contains a SQL Injection vulnerability (CVE-2026-21643) and an Improper Access Control vulnerability (CVE-2026-35616), both of which may allow an unauthenticated remote attacker to execute arbitrary code. Both vulnerabilities have already been exploited by attackers. Please confirm and apply the patch as soon as possible. (Information Sharing Level: WHITE (information content can be publicly disclosed)) |
|||
| [Affected Platform]
FortiClient EMS versions 7.4.x through 7.4.6 |
|||
| [Recommended Actions]
Update FortiClient EMS 7.4.x to version 7.4.7 or later. |
|||
| [Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-21643
2. https://nvd.nist.gov/vuln/detail/CVE-2026-35616
3. https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
4. https://fortiguard.fortinet.com/psirt/FG-IR-26-099 |
|||