Fortinet FortiClientEMS 7.4.4 carries a CVSS 9.8 unauthenticated SQL injection vulnerability that enables remote attackers to execute arbitrary commands on the EMS server without credentials. Active exploitation is confirmed: the vulnerability is listed in both CISA KEV and VulnCheck KEV. Successful exploitation could grant an adversary control over enterprise endpoint security policy management at scale. Immediate action required: restrict EMS server network access to trusted management IPs and apply the Fortinet PSIRT patch without delay.