cbcvebase.
CVE-2026-39809
published 2026-04-14

CVE-2026-39809: A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5…

medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests

Affected

7 ranges
VendorProductVersion rangeFixed in
fortinetforticlientems
fortinetforticlientems7.0.0 – 7.0.13
fortinetforticlientems>= 7.2.0 < 7.2.137.2.13
fortinetforticlientems>= 7.4.0 < 7.4.67.4.6
fortinetforticlientems7.4.0 – 7.4.1
fortinetforticlientems7.4.3 – 7.4.4
fortinetfortinet