CVE-2026-39810 MEDIUM

CVE-2026-39810

Vendor Fortinet
Product FortiClientEMS
Weakness CWE-321
Published April 14, 2026
Last update April 14, 2026

CVSS base score

5.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated