Critical unauthenticated remote code execution vulnerability in Fortinet FortiClient EMS management server. Allows attackers to execute arbitrary code via crafted network requests without authentication.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-04-04
Added to CISA KEV: 2026-04-06 (2 days between CVE publication and KEV listing)
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute ...
The development comes merely days after another recently-patched, critical vulnerability in FortiClient EMS (CVE-2026-21643, CVSS score: 9.1) came under active exploitation. It's currently not known if the same threat actor is behind the exploitation of both the flaws, and if they are being weaponized together.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs ...
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
How to use the KEV ...