On February 6, 2026, Fortinet addressed a serious vulnerability in FortiClientEMS, labeled CVE-2026-21643. The issue stems from the mishandling of special characters in SQL commands within the FortiClientEMS web interface. This flaw allows an unauthenticated attacker to execute unauthorized code, posing significant security risks. Currently, there have been no reports of this vulnerability being exploited in real-world scenarios. However, Arctic Wolf points out the potential for threat actors to reverse-engineer the patches, given Fortinet's history of being targeted by cyber attacks. The Cybersecurity and Infrastructure Security Agency (CISA) has included Fortinet products in its Known Exploited Vulnerabilities Catalog, underscoring the urgency of the situation. To mitigate risks, it's essential for users to update to the fixed version of FortiClientEMS. The vulnerable version is 7.4.4, while the patch brings it to 7.4.5. Versions 7.2 and 8.0 are not affected. Organizations should adhere to their existing patching and testing protocols to ensure a smooth update process without disrupting operations.