By rssfeeds-admin 
On April 13, 2026, CISA officially added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog, confirming that malicious actors are targeting this flaw.
The KEV catalog serves as CISA’s authoritative list of exploited vulnerabilities, helping cybersecurity teams prioritize patching and mitigation efforts.
With the inclusion of CVE-2026-21643, organizations around the world are racing to secure affected systems before attackers can infiltrate corporate networks.
Fortinet SQL Injection Flaw
The vulnerability, identified as CVE-2026-21643, affects Fortinet’s FortiClient Enterprise Management Server (EMS) a widely deployed platform used to manage endpoint security policies across business environments.
The flaw stems from a SQL injection vulnerability, known in technical terms as CWE-89, enabling attackers to manipulate database queries through improperly handled user inputs.
A SQL injection attack can allow threat actors to trick the underlying database into executing malicious commands.
According to CISA’s official advisory, this particular flaw is especially dangerous because it is unauthenticated. Attackers do not need valid credentials or existing access.
By sending specially crafted HTTP requests to an internet-exposed FortiClient EMS server, they can potentially execute unauthorized code or commands on the targeted system.
In successful cases, this exploit could grant attackers complete control over the affected system, paving the way for deeper compromise, malware deployment, or data exfiltration.
Although CISA has not yet confirmed if ransomware groups are leveraging the exploit in ongoing attacks, experts warn that its potential for remote code execution makes it an attractive vector for initial network access campaigns.
Threat intelligence researchers strongly advise network defenders to look for signs of suspicious HTTP traffic or anomalies in logs that could indicate exploitation attempts.
Federal Civilian Executive Branch agencies have been ordered to patch or mitigate the vulnerability by April 16, 2026, under Binding Operational Directive (BOD) 22-01.
Private sector organizations are urged to follow the same timeline. System administrators should install the latest Fortinet security updates and apply vendor-recommended mitigation steps immediately.
For cloud or on-premises environments where patches cannot be applied promptly, CISA advises discontinuing the use of vulnerable FortiClient EMS instances altogether.
With active exploitation confirmed, swift remediation is critical. CISA’s alert underscores the urgent need for vigilant patch management and proactive threat monitoring across all Fortinet deployments.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.