Fortinet security advisory (AV26-096)

Serial number: AV26-096
Date: February 9, 2026

On February 6, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:

• FortiClientEMS 7.4 – version 7.4.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SQLi in administrative interface – FG-IR-25-1142 (CVE-2026-21643)
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• Fortinet PSIRT Advisories