FortiClient EMS Zero-Day Vulnerability Exploited, Emergency Patch Released (CVE-2026-35616)

Zero-Day Exploitation of FortiClient EMS Vulnerability

A critical vulnerability in the FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-35616, has been identified as actively exploited in the wild.

Overview of the Issue:

  • The vulnerability affects FortiClient EMS versions 7.4.5 and 7.4.6.
  • An unauthenticated attacker can bypass API authentication and authorization controls, potentially enabling execution of unauthorized code or commands through crafted requests.

This discovery was made by Defused Cyber, who reported it on Monday. Fortinet quickly acknowledged the vulnerability and issued emergency hotfixes for affected systems. Customers are urged to install these patches to mitigate the risk of exploitation.

Risk and Impact:

  • The vulnerability is classified as an improper access control issue.
  • The exploit is distinct from CVE-2026-21643, which was first reported in March and was subsequently addressed by Fortinet.
  • The fact that a second vulnerability has been discovered in the same product highlights the importance of regular security updates and monitoring.

According to Fortinet, the forthcoming version 7.4.7 of FortiClient EMS will include a fix for this issue.

Defused Cyber emphasized the urgency of addressing this vulnerability due to its potential to be exploited by unauthenticated attackers. As organizations rely increasingly on endpoint management solutions like FortiClient EMS, vulnerabilities such as this underscore the need for robust security measures and vigilant patching practices.

Related News:

  • Cisco has identified another vulnerability in their products, allowing attackers to manipulate user passwords.
  • Users are advised to apply the relevant patches to protect against this risk.
