Critical Fortinet FortiClientEMS flaw allows remote code execution


Pierluigi Paganini February 09, 2026

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in.

Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1).

The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An unauthenticated attacker can trigger the flaw to execute unauthorized code or commands via specifically crafted HTTP requests.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests,” reads the advisory.

A successful attack could give attackers an initial foothold in the target network, enabling lateral movement or malware deployment.

The vulnerability was internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.

Below are the affected versions:

| Version            | Affected     | Solution                  |
|--------------------|--------------|---------------------------|
| FortiClientEMS 8.0 | Not affected | Not Applicable            |
| FortiClientEMS 7.4 | 7.4.4        | Upgrade to 7.4.5 or above |
| FortiClientEMS 7.2 | Not affected | Not Applicable            |
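The table above is what an administrator needs when checking an EMS fleet. The following triage helper, added here and not taken from the article or from Fortinet, classifies version strings exactly as the advisory table states them (7.4.4 affected, 7.4.5 and above fixed, the 8.0 and 7.2 branches not affected) and reports anything the table does not mention as "not listed" instead of guessing; the host names and versions in the sample inventory are constructed.

```python
from typing import Dict, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '7.4.4' into (7, 4, 4); raises ValueError on malformed input."""
    parts = tuple(int(p) for p in v.strip().split("."))
    if not parts:
        raise ValueError(f"empty version string: {v!r}")
    return parts


def cve_2026_21643_status(version: str) -> str:
    """Return 'affected', 'fixed', 'not affected' or 'not listed'.

    Mirrors the advisory table quoted in the article: 7.4.4 is affected,
    7.4.5 and above are fixed, the 8.0 and 7.2 branches are not affected.
    Other 7.4.x builds and other branches are not covered by the article,
    so they are reported as 'not listed' rather than assumed safe.
    """
    parts = parse_version(version)
    branch = parts[:2]
    patch = parts[2] if len(parts) > 2 else 0
    if branch in ((8, 0), (7, 2)):
        return "not affected"
    if branch == (7, 4):
        if patch == 4:
            return "affected"
        if patch >= 5:
            return "fixed"
        return "not listed"  # 7.4.0 to 7.4.3 are not mentioned in the table
    return "not listed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {host: version} inventory to its advisory status."""
    return {host: cve_2026_21643_status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "ems-prod-01": "7.4.4",
    "ems-prod-02": "7.4.5",
    "ems-lab": "8.0.1",
    "ems-legacy": "7.2.9",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```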

The company did not disclose whether the vulnerability is currently being actively exploited in the wild.





Source: https://securityaffairs.com/187787/security/critical-fortinet-forticlientems-flaw-allows-remote-code-execution.html