VDB

GCVE-VVD-NCSC-2026-47

GCVE-VVD-NCSC-2026-47
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published February 9, 2026
Fortinet FortiClientEMS 7.4.4 contains an SQL injection vulnerability that enables unauthenticated attackers to execute unauthorized commands via specially crafted HTTP requests.
Download JSON Open in Console

Weaknesses (CWE)

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Fortinetvers:unknown/*

Aliases

CVE-2026-21643

Transitive aliases

EUVD-2026-5681GHSA-r6vr-hwpr-qqchBDU:2026-01492VVD-CESS-2026-21643

References

advisory
advisory
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›