CVE-2026-21643 is a critical unauthenticated remote code execution vulnerability in Fortinet FortiClient EMS (CVSS 9.8), confirmed under active exploitation as of late March 2026. It continues a documented pattern of exploited Fortinet product vulnerabilities, including the prior CVE-2023-48788 SQL injection. Specific affected version ranges and the CWE classification must be verified against the Fortinet PSIRT advisory at fortiguard.com before scoping remediation, as these details were not confirmable from available secondary sources. Organizations should restrict inbound access to EMS management interfaces immediately, apply the Fortinet PSIRT-specified patch, and, post-remediation, rotate all service account credentials and API tokens associated with EMS. CISA KEV listing had not been confirmed at time of data capture but should be monitored.