Q-Feeds logo

Products & Services

Solutions

Pricing

Company

About

Label with EU stars, 'Made in Europe' text.
~
Label with EU stars, 'Made in Europe' text.
~

Firewall integrations

9

Fortinet

Elevate the power of your Fortinet Fortigate Firewall using by adding our Intelligence.

9

Palo Alto

Palo Alto Firewalls can be hardened with our threat intelligence as well.

9

Sophos XGS

Enhance the Sophos XGS Firewall with our threat intelligence.

9

OPNsense

Enhance your OPNsense Firewall with our threat intelligence using the native plugin.

SIEM integrations

9

Splunk

Splunk is a great platform, but without the right Threat Intelligence it's just a log server. Try our threat intelligence today. 

9

Microsoft Sentinel

One of the most used SIEM solutions should be enriched with the right Intelligence. At Q-Feeds you're at the right place!

9

Other

Luckily there are many other SIEM vendors whom support 3rd party threat intelligence.

Threat Intelligence Portal

9

Darkweb Monitoring

Darkweb monitoring is one of our services, not only for threat intelligence but also for you most important assets.

9

Threat Lookup

With Threat Lookup you get full insights in our IOC database, including full MITRE ATT&K mapping.

9

External Attack Surface Management

A toolset to check your external facing assets exposed on the internet

9

Vulnerability Scanner

A comprehensive vulnerability scanner which can scan your infrastructure and web applications

9

Brand Protection

Protect your brand for look-a-likes and potential phishing attempts

Services

9

TAXII Feeds & Server Software

TAXII/STIX2.1 standard. Both in form of feeds and server software available

9

Implementation

Need help with implementations? No worries, we have a strong network of partners who are able to help you.

Solutions

9

Enrich my SIEM

Elevate the power of your SIEM solution using by adding our Intelligence.

9

Enrich my Firewall

Firewalls can be hardened with our threat intelligence as well.

9

Prevent phishing

Enhance your protection against phishing

9

Achieve compliancy

Achieve compliancy by correlating the best threat intelligence to your logs

Futuristic eye design with circuits and geometric shapes.

Company

9

About

Read here all about Q-Feeds

9

News and Updates

Cybersecurity news and updates about us

9

Publications

All of our media coverage in one place

9

Become a reseller

Strengthen your portfolio with our comprehensive reseller program

9

Partner locator

Find our certified partners here

9

Contact

For all your questions or inquiries

Neural network representation of a human brain

Support

9

My Account

Access your account and manage your licenses

9

Downloads & Manuals

On this page you find white papers and manuals

9

Knowledge base

Our knowledge base full of implementation instructions

9

Start for free

Start your cyber security intelligence journey here

Abstract geometric wireframe human head

FortiClient EMS vulnerability: CVE-2026-21643 exploited in ongoing real-world cyberattacks

Mar 31, 2026 | Threat Intelligence Research

Critical SQL Injection Vulnerability in FortiClient EMS

A critical SQL injection vulnerability identified as CVE-2026-21643 has been discovered in FortiClient Endpoint Management Server (EMS), as reported by Fortinet. Current assessments reveal that this flaw is actively being exploited, posing significant risk to organizational security when exposed on the public internet.

The vulnerability is fundamentally rooted in improper handling of SQL command elements, specifically related to a mishandled HTTP header that identifies tenant context. This design flaw allows attackers to forge malicious requests that are integrated directly into SQL queries before any authentication is processed. Consequently, unauthorized users can exploit this weakness to run arbitrary SQL commands, potentially accessing sensitive data such as administrative credentials and security policies. The criticality of this vulnerability is underscored by its high CVSS score of 9.8, indicating the severe implications of such exploitation.

In practical terms, organizations with their FortiClient EMS interfaces accessible via the internet are at an elevated risk. Attackers can remotely engage with the web interface over HTTPS and execute specially crafted requests containing the malicious HTTP header, leading to unauthorized database access. The implications of this vulnerability are profound, allowing attackers to compromise backend databases and manipulate sensitive information without any prior authentication checks.

Defensive Context
Entities utilizing FortiClient EMS are most at risk, particularly those with internet-facing administrative interfaces. Organizations that have implemented protective network segmentation or restricted access policies may experience lesser risks compared to those with open public access.

Why This Matters
The real-world consequences can be dire for affected organizations, which may suffer from data breaches, leakage of sensitive information, and potential unauthorized command execution on their servers. Firms in sectors handling sensitive data, particularly finance and healthcare, need to be vigilant as they can be prime targets for exploitation.

Defender Considerations
To manage this critical vulnerability, affected organizations must upgrade their FortiClient EMS systems from version 7.4.4 to 7.4.5 or later, where the vulnerability is addressed. Additionally, limiting public access to the administrative interface and enforcing secure access measures such as VPNs can further diminish exposure to this threat.

Indicators of Compromise (IOCs)
– CVE-ID: CVE-2026-21643
– CVSS Score: 9.8 (Critical)
– Affected Product: Fortinet FortiClient EMS (versions 7.4.4 and earlier)

Click here for the full article

Try our Intelligence today!

Streamline your security operations with a free Q-Feeds trial and see the difference.

Activate free access

Other articles