CVE-2026-21643 is a critical SQL injection vulnerability (CWE-89) in Fortinet FortiClient EMS. Multiple secondary sources, including BleepingComputer, Help Net Security, and Arctic Wolf, report it as under active exploitation; official Fortinet PSIRT confirmation and CISA KEV listing were pending at analysis time. Community reporting references version 7.4.4 as affected, with a potentially unauthenticated attack vector and a CVSS score of 9.8, but these specifics require verification against the official Fortinet PSIRT advisory before remediation scope is finalized. Priority actions are to restrict EMS management interface access from untrusted networks, review EMS logs for unauthorized access or policy changes, and apply the official Fortinet patch once advisory-confirmed version ranges and upgrade paths are available.