CVE-2026-21643 is a CVSS 9.8 unauthenticated SQL injection in FortiClientEMS 7.4.4 that enables remote code execution on the endpoint management server with no credentials required. This vulnerability is confirmed in CISA KEV with active in-the-wild exploitation; a compromised EMS server provides a foothold into every managed endpoint in the environment. Emergency action is required: isolate or restrict network access to EMS immediately, apply the Fortinet PSIRT patch, and validate the EMS server for post-exploitation indicators including unauthorized accounts, scheduled tasks, and outbound connections.