CVE-2026-39810
Received
Received - Intake
Hard-Coded Cryptographic Key in Fortinet FortiClientEMS Leads to Data Disclosure
Publication date: 2026-04-14
Last updated on: 2026-04-21
Assigner: Fortinet, Inc.
Description
Description
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | forticlientems | From 7.4.0 (inc) to 7.4.6 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of a hard-coded cryptographic key in Fortinet FortiClientEMS versions 7.4.0 through 7.4.5. An attacker may exploit this weakness to disclose sensitive information.
How can this vulnerability impact me? :
The vulnerability can lead to information disclosure, potentially exposing sensitive data. This could compromise confidentiality and integrity of information managed by FortiClientEMS.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70