Fortinet FortiClientEMS Hard-Coded Cryptographic Key Vulnerability Allowing Information Disclosure

Vulnerability

Fortinet FortiClientEMS versions 7.4.0 to 7.4.5 use a hard-coded symmetric encryption key for PostgreSQL. This vulnerability may allow an authenticated attacker in possession of an encrypted database dump to decrypt the information it contains.

Impact

Exploitation of this vulnerability could allow an attacker to decrypt sensitive information stored in the database and gain unauthorized access to confidential data.

Remediation

Users are advised to upgrade Fortinet FortiClientEMS to version 7.4.6 or above.

Added: Apr 14, 2026, 4:51 PM
Updated: Apr 14, 2026, 4:51 PM

Vulnerability Rating

Custom Algorithm

Spread: 5.7
Impact: 2.5
Exploitability: 6.3
Remediation: 7.7
Relevance: 5.9
Threat: 0.0
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.