This tweet highlights a critical SQL Injection vulnerability identified as CVE-2026-21643 in FortiClient EMS. Attackers are actively exploiting this vulnerability by bypassing the Web Application Firewall (WAF) protections using an HTTP Headers-based bypass technique. This means that instead of injecting malicious SQL code in typical places like the request body or URL parameters only, attackers are manipulating HTTP headers to sneak malicious payloads past the WAF defenses. FortiClient EMS, a security management product by Fortinet, is affected, making it crucial for users to update their systems immediately to mitigate this threat. The bypass technique demonstrates the importance of comprehensive WAF rule enforcement that extends to all parts of an HTTP request, including headers. The shared video linked in the tweet likely provides a detailed demonstration of the attack vector and bypass method. In summary, this vulnerability underscores a crucial lesson about WAFs – attackers often find creative ways to evade detection by inserting malicious inputs into less commonly checked parts of a request. FortiClient EMS users should prioritize patching and consider enhancing their WAF rules to scrutinize HTTP headers thoroughly.