Back to search

Fortinet

FortiClient

See the latest tracked release, confirm when it was published, and subscribe for update emails.

7.4 Current train 7.2 Switch to this train 7.0 Switch to this train 6.4 EOL Switch to this train
Current version
Last checked: yesterday

7.4.6

Release date
March 17, 2026
CVE status
4 visible CVEs

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version Published Notes
7.4.6 2026-03-17 Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE Severity Published Status Summary
CVE-2026-35616 CRITICAL (9.8) 2026-04-04 Current versionaffected

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Affected versions
  • 7.4.5
  • 7.4.6
CVE-2026-24018 HIGH (7.8) 2026-03-10 Current versionnot affected

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

Affected versions
  • From (including) 7.2.2 - Up to (excluding) 7.2.13
  • From (including) 7.4.0 - Up to (excluding) 7.4.5
CVE-2025-62676 HIGH (7.1) 2026-02-10 Current versionnot affected

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.

Affected versions
  • From (including) 7.0.0 - Up to (excluding) 7.2.13
  • From (including) 7.4.0 - Up to (excluding) 7.4.5
CVE-2026-21643 CRITICAL (9.8) 2026-02-06 Current versionnot affected

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected versions
  • 7.4.4