CVE-2026-21643

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Proof of Concept (POC) Links

Explore how this vulnerability can be reproduced or exploited.

https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21643