Fortinet security advisory (AV26-096) – Update 2

Serial number: AV26-096
Date: February 9, 2026
Updated: April 13, 2026

On February 6, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:

• FortiClientEMS 7.4 – version 7.4.4

Update 1

Open-source reporting indicates that CVE-2026-21643 is being exploited in the wild.

Update 2

On April 13, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21643 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SQLi in administrative interface – FG-IR-25-1142 (CVE-2026-21643)
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• Fortinet PSIRT Advisories
• CISA KEV: CVE-2026-21643