Medium severity6.7NVD Advisory· Published Apr 14, 2026· Updated Apr 21, 2026
CVE-2026-39809
CVE-2026-39809
Description
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*range: >=7.0.0,<=7.0.13
- (no CPE)range: 7.4.0-7.4.5, 7.2.0-7.2.12, 7.0 all versions
Patches
Vulnerability mechanics
References
1- fortiguard.fortinet.com/psirt/FG-IR-26-102nvdVendor Advisory
News mentions
0No linked articles in our index yet.