Fortinet Forticlientems


By the Year

In 2026 there have been 2 vulnerabilities in Fortinet Forticlientems with an average score of 8.0 out of ten. Last year, in 2025, Forticlientems had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Forticlientems in 2026 could surpass last year's number. In addition, the average CVE base score of the vulnerabilities in 2026 is greater by 1.69.

Year   Vulnerabilities   Average Score
2026   2                 7.95
2025   8                 6.26
2024   2                 8.30
2023   1                 5.30
2022   0                 0.00
2021   1                 7.50

It may take a day or so for new Forticlientems vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Forticlientems Security Vulnerabilities

FortiClientEMS 7.4.x SQLi via HTTP enables unauthenticated RCE
CVE-2026-21643 9.1 - Critical - February 06, 2026

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

SQL Injection

FortiClientEMS 7.0-7.4.4 SQLi (CWE-89): authenticated read-only admin can inject via HTTP
CVE-2025-59922 6.8 - Medium - January 13, 2026

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, and FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

SQL Injection

FortiClientEMS Pre-7.4.0 Improper Auth Vulnerability (CVE-2024-32119)
CVE-2024-32119 - June 10, 2025

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.


Fortinet FortiClientEMS 7.4.x SSRF via crafted HTTP/HTTPS
CVE-2023-48786 - June 10, 2025

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.

SSRF

FortiClientEMS 7.4.x Relative Path Traversal Allows Limited Arbitrary File Write via Upload
CVE-2025-22859 - May 13, 2025

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.

Relative Path Traversal

FortiClient <=7.4.1 XSS via EMS admin messages
CVE-2025-22855 4.8 - Medium - April 08, 2025

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

XSS

FortiClientEMS 6.2.0 XSS: Unescaped User Profile Input (CVE-2019-16149)
CVE-2019-16149 6.1 - Medium - March 28, 2025

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

XSS

FortiClientEMS & FortiSOAR 6.4-7.4: Unauth User Enum via Response Diff
CVE-2024-36510 5.3 - Medium - January 14, 2025

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

Side Channel Attack

FortiClientEMS 6.4-7.4: Bypass Trusted Host via SRV Channel Verification
CVE-2024-36506 5.3 - Medium - January 14, 2025

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.

Improper Verification of Source of a Communication Channel

FortiClientEMS Brute Force via Unrestricted Auth Attempts (7.2.0-7.2.4, <7.0.10)
CVE-2024-23106 9.8 - Critical - January 14, 2025

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.

Improper Restriction of Excessive Authentication Attempts

Cmd Injection in FortiClientEMS 7.2.0-7.2.4 via crafted DB requests
CVE-2024-33508 7.3 - High - September 10, 2024

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

Command Injection

SQLi in FortiClientEMS v7.2.0-7.2.2/v7.0.1-7.0.10 allows exec
CVE-2023-48788 9.3 - Critical - March 12, 2024

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.

SQL Injection

FortiClientEMS Sensitive Info Exposure in 7.0.x (CWE-200)
CVE-2021-44172 5.3 - Medium - September 13, 2023

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

Information Disclosure

FortiClientEMS <=7.0.1/<=6.4.6 Hard-coded Key plus FortiClient Improper Cert Validation Allows MITM on Telemetry (CVE-2021-41028)
CVE-2021-41028 7.5 - High - December 16, 2021

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.

Use of Hard-coded Credentials
