MEDIUM🇵🇱 Wersja polska

CVE-2026-39810

CVSS 6.0v3.1pub. 2026-04-14upd. 2026-04-21

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  • Fortinet Forticlientems

    APP
    Fortinet
    7.4.0 – 7.4.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2025-59922HIGH7.2ten sam produkt

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89]...

CVE-2024-23106HIGH8.1ten sam produkt

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through...

CVE-2026-39809MEDIUM6.7ten sam produkt

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortin...