Fortinet - Forticlientems - CRITICAL - CVE-2026-21643. An SQL injection vulnerability exists in Fortinet FortiClientEMS 7.4.4, enabling unauthenticated attackers to execute arbitrary code or commands. This flaw arises from improper neutralization of special elements in SQL commands, which can be exploited via specially crafted HTTP requests. Organizations utilizing this product should prioritize assessment and remediation to mitigate potential security risks.