The post Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection appeared first on Daily CyberSecurity.

The post Injection Flaws (CVE-2026-40967 & 40978) Hit Spring AI Vector Stores appeared first on Daily CyberSecurity.

The post Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild appeared first on Daily CyberSecurity.

A newly disclosed set of vulnerabilities affecting Fortinet’s endpoint management platform has raised serious concerns among cybersecurity professionals, particularly as both flaws are already being actively exploited. The issues, tracked as CVE-2026-35616 and CVE-2026-21643, impact FortiClientEMS and expose systems to unauthenticated remote code execution (RCE), with attackers requiring no prior access to compromise affected servers.  One of the vulnerabilities, CVE-2026-21643, stems from an improper neutralization of special elements in SQL commands, commonly referred to as a SQL Injection flaw (CWE-89). This weakness exists within the administrative interface of FortiClientEMS, allowing unauthenticated attackers to send specially crafted HTTP requests and execute unauthorized code or commands. 

Critical SQL Injection Flaw in FortiClientEMS (CVE-2026-21643) 

Security researchers have confirmed that this SQL Injection issue is not just theoretical. It has already been observed being exploited in real-world attacks, increasing the urgency for mitigation. Because the flaw does not require authentication, attackers can directly target exposed systems, making it a particularly dangerous entry point.  In terms of affected versions, FortiClientEMS 7.4.4 is vulnerable and requires an upgrade to version 7.4.5 or later. Versions 8.0 and 7.2 are not affected by this issue. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet’s Product Security team. The initial advisory was published on February 6, 2026, with a subsequent clarification removing FortiEMS Cloud from the affected products list. 

Improper Access Control Vulnerability (CVE-2026-35616) 

The second major flaw, CVE-2026-35616, involves improper access control (CWE-284) in FortiClientEMS. This vulnerability enables attackers to bypass API authentication and authorization mechanisms, again allowing unauthenticated execution of arbitrary code or commands through crafted requests.  Like the SQL Injection flaw, CVE-2026-35616 has also been confirmed to be actively exploited in the wild. The potential impact is severe, as successful exploitation could lead to a complete compromise of the FortiClientEMS server.  The vulnerability was officially published on April 4, 2026, and later added to the Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) Catalog on April 6, 2026. CISA noted that such vulnerabilities are frequently used by malicious actors and pose significant risks, particularly to federal enterprise environments. 

Government and Industry Response 

The Cyber Security Agency of Singapore (CSA) issued an alert on April 6, 2026, warning of the active exploitation of CVE-2026-35616 in FortiClientEMS deployments. The advisory noted the critical nature of the vulnerability and urged organizations to take immediate action.  According to the alert, “successful exploitation of this vulnerability could allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests, potentially resulting in a full compromise of the FortiClient EMS server.” The agency also reiterated that exploitation activity has already been observed in the wild. 

Affected Versions and Mitigation Steps 

The improper access control vulnerability CVE-2026-35616 affects FortiClientEMS versions 7.4.5 through 7.4.6. Organizations using these versions are advised to apply the available hotfix immediately and upgrade to version 7.4.7 or later once it becomes available.  Fortinet has provided specific guidance for applying fixes through its official release notes for versions 7.4.5 and 7.4.6. The company has indicated that the upcoming FortiClientEMS 7.4.7 release will include a permanent fix, while the currently available hotfix is sufficient to fully mitigate the issue in the interim.  For CVE-2026-21643, upgrading from version 7.4.4 to 7.4.5 or above resolves the SQL Injection vulnerability. 

An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data.

An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on February 4, 2026.

Ally (formerly One Click Accessibility) is a free WordPress plugin that helps creators build accessible websites. It offers an accessibility scanner with AI suggestions, a usability widget for visitors, and an automated accessibility statement generator. The plugin is used on over 400,000 WordPress sites.

The flaw could allow attackers to extract sensitive database data, including password hashes. The issue was responsibly reported by Drew Webber through the Wordfence Bug Bounty Program, earning an $800 bounty. Wordfence notified Elementor on February 13, the vendor acknowledged the report on February 15, and released a patch on February 23, 2026.

Users are urged to update to Ally version 4.1.0 to mitigate the risk.

The vulnerability stems from insecure handling of the subscribers query in Ally. The plugin builds a SQL JOIN query using a page URL parameter without using WordPress’ wpdb->prepare() function, which normally escapes and parameterizes queries.

Although esc_url_raw() is used, it does not prevent SQL injection. This flaw allows attackers to inject malicious SQL. By exploiting it with time-based blind SQL injection, using CASE statements and SLEEP() delays, an attacker could gradually extract sensitive information from the database.

“The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3.” reads the advisory published by WordFence. “This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. “

The development team addressed the issue by using the wpdb prepare() function in the JOIN statement.

“The vulnerability has been addressed in version 4.1.0 of the plugin.” concludes the advisory. “We encourage WordPress users to verify that their sites are updated to the latest patched version of Ally as soon as possible considering the critical nature of this vulnerability.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in.

The post Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk appeared first on TechRepublic.

SQL injection flaw in Ally WordPress plugin exposes 200,000+ sites to data theft. Patch released, but most installations remain unpatched and vulnerable.

Shortly after our recent coverage of high-impact FortiOS SSO zero-day exploitation (CVE-2026-24858), defenders are facing another urgent patching priority in the Fortinet ecosystem. On February 6, Fortinet released a fix for a critical SQL injection flaw that can be triggered remotely and doesn’t require authentication, potentially leading to unauthorized code or command execution. 

Although there are currently no signs of exploitation in the wild, CVE-2026-21643 requires immediate attention and patching as SQL injection remains one of the most dangerous web vulnerability classes. OWASP Top 10 2025 links Injection to 62,445 known CVEs, including more than 14,000 SQL injection issues. The risk is straightforward. If an application lets untrusted input reach the database interpreter, an attacker can make the database run unintended commands, steal or change data, and, in some cases, escalate to full system compromise.

Sign up for the SOC Prime Platform to access real-time detection intelligence and ready-to-go use cases for emerging risks like vulnerability exploitation. Click Explore Detections to view the full collection of rules filtered by the “CVE” tag.

Explore Detections

All rules are compatible with multiple SIEM, EDR, and Data Lake platforms and are mapped to the MITRE ATT&CK® framework. Each rule includes CTI links, attack timelines, audit settings, triage guidance, and more relevant metadata.

Cyber defenders can also use Uncoder AI to empower their detection engineering workflows. Generate detection algorithms from raw threat reports, enable fast IOC sweeps, predict ATT&CK tags, optimize query code with AI tips, and translate it across multiple SIEM, EDR, and Data Lake languages.

CVE-2026-21643 Analysis

On February 6, 2026, Fortinet released an advisory describing CVE-2026-21643 as an improper neutralization of special elements used in an SQL Command (SQL Injection) in FortiClient EMS, where a remote attacker can send specially crafted HTTP requests to trigger the flaw. Because the issue is pre-auth, an exposed or reachable EMS administrative interface becomes a high-value target for initial access, potentially leading to rapid foothold establishment, follow-on tooling, and lateral movement from a system that often has broad visibility into endpoints. 

CVE-2026-21643 obtains a critical CVSS score of 9.8, highlighting the urgent need for patching. The good news for defenders is that the scope is clear. Fortinet’s advisory highlights that only FortiClientEMS 7.4.4 is affected and that upgrading to 7.4.5 or later addresses the issue, while 7.2 and 8.0 are not impacted.

Enhancing proactive cybersecurity strategies is crucial for reducing exploitation risk. By leveraging SOC Prime’s AI-Native Detection Intelligence Platform for enterprise-grade cyber defense, organizations can scale detection operations and strengthen their security posture. Register now to improve visibility into threats most relevant to your business and to accelerate response when new critical threats like CVE-2026-21643 appear.

The post CVE-2026-21643: Critical FortiClient EMS Vulnerability Enables Unauthenticated Remote Code Execution appeared first on SOC Prime.

Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK’s National Cyber Security Centre (NCSC) has warned that it may never be “fixed” in the way SQL injection was.

Two years ago, the NCSC said prompt injection might turn out to be the “SQL injection of the future.” Apparently, they have come to realize it’s even worse.

Prompt injection works because AI models can’t tell the difference between the app’s instructions and the attacker’s instructions, so they sometimes obey the wrong one.

To avoid this, AI providers set up their models with guardrails: tools that help developers stop agents from doing things they shouldn’t, either intentionally or unintentionally. For example, if you tried to tell an agent to explain how to produce anthrax spores at scale, guardrails would ideally detect that request as undesirable and refuse to acknowledge it.

Getting an AI to go outside those boundaries is often referred to as jailbreaking. Guardrails are the safety systems that try to keep AI models from saying or doing harmful things. Jailbreaking is when someone crafts one or more prompts to get around those safety systems and make the model do what it’s not supposed to do. Prompt injection is a specific way of doing that: An attacker hides their own instructions inside user input or external content, so the model follows those hidden instructions instead of the original guardrails.

The danger grows when Large Language Models (LLMs), like ChatGPT, Claude or Gemini, stop being chatbots in a box and start acting as “autonomous agents” that can move money, read email, or change settings. If a model is wired into a bank’s internal tools, HR systems, or developer pipelines, a successful prompt injection stops being an embarrassing answer and becomes a potential data breach or fraud incident.

We’ve already seen several methods of prompt injection emerge. For example, researchers found that posting embedded instructions on Reddit could potentially get agentic browsers to drain the user’s bank account. Or attackers could use specially crafted dodgy documents to corrupt an AI. Even seemingly harmless images can be weaponized in prompt injection attacks.

Why we shouldn’t compare prompt injection with SQL injection

The temptation to frame prompt injection as “SQL injection for AI” is understandable. Both are injection attacks that smuggle harmful instructions into something that should have been safe. But the NCSC stresses that this comparison is dangerous if it leads teams to assume that a similar one‑shot fix is around the corner.

The comparison to SQL injection attacks alone was enough to make me nervous. The first documented SQL injection exploit was in 1998 by cybersecurity researcher Jeff Forristal, and we still see them today, 27 years later. 

SQL injection became manageable because developers could draw a firm line between commands and untrusted input, and then enforce that line with libraries and frameworks. With LLMs, that line simply does not exist inside the model: Every token is fair game for interpretation as an instruction. That is why the NCSC believes prompt injection may never be totally mitigated and could drive a wave of data breaches as more systems plug LLMs into sensitive back‑ends.

Does this mean we have set up our AI models wrong? Maybe. Under the hood of an LLM, there’s no distinction made between data or instructions; it simply predicts the most likely next token from the text so far. This can lead to “confused deputy attacks.”

The NCSC warns that as more organizations bolt generative AI onto existing applications without designing for prompt injection from the start, the industry could see a surge of incidents similar to the SQL injection‑driven breaches of 10—15 years ago. Possibly even worse, because the possible failure modes are uncharted territory for now.

What can users do?

The NCSC provides advice for developers to reduce the risks of prompt injection. But how can we, as users, stay safe?

• Take advice provided by AI agents with a grain of salt. Double-check what they’re telling you, especially when it’s important.
• Limit the powers you provide to agentic browsers or other agents. Don’t let them handle large financial transactions or delete files. Take warning from this story where a developer found their entire D drive deleted.
• Only connect AI assistants to the minimum data and systems they truly need, and keep anything that would be catastrophic to lose out of their control.
• Treat AI‑driven workflows like any other exposed surface and log interactions so unusual behavior can be spotted and investigated.

---

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.