INC Ransomware actively exploits CVE-2023-48788, a CVSS 9.8 SQL injection vulnerability in Fortinet FortiClient EMS that leads to unauthenticated remote code execution, as an initial access vector in ransomware campaigns. The vulnerability affects the FortiClient EMS management server and is being leveraged in campaigns targeting the same downtime-sensitive sectors as the Citrix exploitation cluster within the same INC campaign.