CVE-2026-39809

| EUVD-2026-22307 MEDIUM
2026-04-14 fortinet
Fortinet SQLi
6.7
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Apr 14, 2026 - 17:04 vuln.today
CVSS Changed
Apr 14, 2026 - 16:22 NVD
6.2 (MEDIUM) 6.7 (MEDIUM)

DescriptionNVD

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

AnalysisAI

SQL injection in Fortinet FortiClientEMS 7.0 through 7.4.5 allows high-privileged local attackers to execute unauthorized code or commands with high integrity and confidentiality impact. The vulnerability requires local access and high privileges (PR:H per CVSS vector), making it a risk primarily in environments where administrative users are untrusted or compromised. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-39809 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy