CVE-2026-39809

MEDIUM NVD

CVSS Score 6.7

Severity MEDIUM

Published Apr 14, 2026

Vendor unknown

Description

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-102