CVEDB API

Vulnerabilities

Vulnerable Software

Fortinet: >> Forticlientems >> 7.4.3 Security Vulnerabilities

CVE-2026-39809

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests

CVSS Score

6.7

EPSS Score

0.0

Published

2026-04-14

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.

CVSS Score

6.0

EPSS Score

0.0

Published

2026-04-14

CVE-2025-59922

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

CVSS Score

7.2

EPSS Score

0.001

Published

2026-01-13

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Forticlientems >> 7.4.3 Security Vulnerabilities

Products

Pricing

Contact Us