CVE-2026-21643 (CVSS 9.8) is a SQL injection vulnerability in Fortinet FortiClient Endpoint Management Server (EMS). It is under active exploitation as of late March 2026 and enables unauthenticated remote code execution against the EMS management plane. Specific affected versions have not been independently confirmed from the Fortinet PSIRT advisory and must be verified before action. EMS manages endpoint security policies and VPN configurations, making successful exploitation a high-value entry point into endpoint telemetry and credential stores. Verify affected versions against the Fortinet PSIRT portal immediately, restrict EMS management port access to administrative subnets, and monitor Windows Event ID 4688 on the EMS host for cmd.exe or PowerShell spawned under the EMS service account context.
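The Event ID 4688 check described above, as an added example (not from the original advisory or from Fortinet): it filters exported event XML for cmd.exe or PowerShell created under one account. The account name, parent path and sample events are constructed placeholders; substitute the account your EMS services actually run as.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Assumption: placeholder name. Use the account your EMS services run as.
EMS_ACCOUNT = "svc-ems-PLACEHOLDER"

def parse_4688(xml_text):
    """Return the EventData fields of a 4688 event as a dict, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
        return None
    return {d.get("Name"): d.text or ""
            for d in root.iterfind("e:EventData/e:Data", NS)}

def suspicious_shells(events_xml, account=EMS_ACCOUNT):
    """List (image, parent, command line) for shells created by `account`."""
    hits = []
    for xml_text in events_xml:
        fields = parse_4688(xml_text)
        if not fields or fields.get("SubjectUserName", "").lower() != account.lower():
            continue
        # NewProcessName is a full path; compare the file name case-insensitively.
        image = ntpath.basename(fields.get("NewProcessName", "")).lower()
        if image in SHELLS:
            hits.append((image, fields.get("ParentProcessName", ""),
                         fields.get("CommandLine", "")))
    return hits

def _event(event_id, user, image, parent, cmdline):
    """Build a constructed sample event holding only the fields read above."""
    data = {"SubjectUserName": user, "NewProcessName": image,
            "ParentProcessName": parent, "CommandLine": cmdline}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{body}</EventData></Event>')

SYS32 = r"C:\Windows\System32"
PARENT = r"C:\placeholder\ems-service.exe"  # constructed, not a real EMS path
SAMPLE_EVENTS = [  # constructed sample data
    _event(4688, EMS_ACCOUNT, SYS32 + r"\cmd.exe", PARENT, "cmd.exe /c ver"),
    _event(4688, "alice", SYS32 + r"\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe"),
    _event(4688, EMS_ACCOUNT, SYS32 + r"\svchost.exe", PARENT, "svchost.exe"),
    _event(4624, EMS_ACCOUNT, "", "", ""),
    _event(4688, EMS_ACCOUNT.upper(), SYS32 + r"\WindowsPowerShell\v1.0\PowerShell.EXE",
           PARENT, "powershell.exe -NoProfile"),
]
```

The `CommandLine` field is populated only when the "Include command line in process creation events" audit policy is enabled, and `ParentProcessName` appears only on Windows 10 / Server 2016 and later.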