A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NFortinet Forticlientems
APPFortinet7.4.0 – 7.4.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)
CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam produkt
SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu
CVE-2025-59922HIGH7.2ten sam produkt
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89]...
CVE-2024-23106HIGH8.1ten sam produkt
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through...
CVE-2026-39809MEDIUM6.7ten sam produkt
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortin...