Organisation · US

Fortinet

US network security vendor; CVE-2026-21643 SQL injection added to CISA KEV in April 2026 as actively exploited.

Last refreshed: 17 April 2026 · Appears in 1 active topic

Key Question

How serious is the Fortinet SQL injection that CISA just added to its must-patch list?

Common Questions
What is the Fortinet vulnerability CISA added to KEV in 2026?
CISA added CVE-2026-21643, a SQL injection vulnerability in Fortinet's network security products, to the Known Exploited Vulnerabilities catalogue in April 2026 as actively exploited. Source: CISA KEV

Background

Fortinet's CVE-2026-21643, a SQL injection vulnerability in its network-security product line, was added to the CISA Known Exploited Vulnerabilities catalogue in April 2026 as actively exploited. The addition is one of nine CVEs CISA added in the 30-day window covered by this update, alongside vulnerabilities in Ivanti Endpoint Manager and Microsoft SharePoint.

Fortinet is a major US network security vendor providing firewalls, SASE (Secure Access Service Edge), endpoint security and SD-WAN products to enterprises and government customers globally. Because its appliances sit at the network edge, they are a frequent target for advanced persistent threat actors; CISA has added multiple Fortinet CVEs to the KEV catalogue in recent years, including a series of FortiOS vulnerabilities exploited by Chinese state-linked groups.

For Fortinet customers, the KEV listing of an actively exploited SQL injection means Federal Civilian Executive Branch agencies must remediate by the CISA due date under Binding Operational Directive 22-01. For enterprise teams outside that mandate, a KEV listing is the strongest available public indicator that exploitation is occurring in the wild and should pull the fix forward regardless of scheduled maintenance windows. Confirm affected products and fixed versions against the Fortinet PSIRT advisory rather than the KEV summary, and because a KEV entry follows exploitation rather than preceding it, treat any exposed device that remained unpatched while the flaw was being exploited as a candidate for compromise assessment, not just patching.
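One way to turn the KEV signal into a prioritised patch list is to cross-reference the published feed against an inventory of which CVEs apply to which hosts. The script below is an added example, not code from this page, from Fortinet or from CISA. It uses the field layout of CISA's live feed (published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), but the embedded catalogue excerpt and inventory are constructed sample data: the dates, product string and second CVE identifier are placeholders, not the real KEV entry.

```python
"""Prioritise patching by cross-referencing an asset inventory with the CISA KEV feed.

Added example; the KEV record layout matches CISA's JSON feed, but every value
below is constructed sample data (dates and the second CVE ID are placeholders).
"""
import json
import urllib.request
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the KEV JSON layout. dateAdded/dueDate are placeholders,
# not the real catalogue entry for CVE-2026-21643.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "dateReleased": "2026-04-17T00:00:00.0000Z",
  "count": 1,
  "vulnerabilities": [
    {
      "cveID": "CVE-2026-21643",
      "vendorProject": "Fortinet",
      "product": "Fortinet Products (placeholder)",
      "vulnerabilityName": "Fortinet SQL Injection Vulnerability",
      "dateAdded": "2026-04-01",
      "shortDescription": "SQL injection vulnerability (placeholder text).",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2026-04-22",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
"""

# Constructed inventory: host -> CVEs a scanner or vendor advisory says apply.
# CVE-2026-99999 is a placeholder ID used only to show a non-KEV finding being skipped.
SAMPLE_INVENTORY = [
    {"host": "fw-edge-01", "cves": ["CVE-2026-21643", "CVE-2026-99999"]},
    {"host": "app-01", "cves": ["CVE-2026-99999"]},
]
SAMPLE_TODAY = date(2026, 4, 17)


def fetch_live_kev(url=KEV_URL, timeout=30):
    """Download the current KEV feed as text (network access required)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(kev_text):
    """Parse a KEV feed and index its records by upper-cased CVE ID."""
    catalog = json.loads(kev_text)
    return {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}


def prioritise(kev_text, inventory, today=None):
    """Return inventory CVEs that appear in KEV, earliest due date first.

    Entries with known ransomware use sort ahead of others on the same due date.
    """
    today = today or date.today()
    kev = load_kev(kev_text)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve.upper())
            if entry is None:
                continue  # not in KEV: keep normal patch cadence
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "vendor": entry["vendorProject"],
                "name": entry["vulnerabilityName"],
                "due": due.isoformat(),
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware": entry["knownRansomwareCampaignUse"],
            })
    findings.sort(key=lambda f: (f["due"], f["ransomware"] != "Known", f["host"]))
    return findings


if __name__ == "__main__":
    for f in prioritise(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, SAMPLE_TODAY):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:12} {f['cve']:16} {f['vendor']:10} due {f['due']} ({flag})")
```

To run it against the real catalogue, replace `SAMPLE_KEV_JSON` with `fetch_live_kev()` and feed it the CVE list your scanner or the vendor advisory produces; the due date field is what CISA holds federal agencies to, and it is a sensible default deadline for anyone else.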