Fortinet has recently confirmed the active exploitation of a severe zero-day vulnerability, identified as CVE-2026-35616, within its FortiClient Endpoint Management Server (EMS). This vulnerability has been detected in the wild, leading the company to advise its users to promptly install emergency hotfixes for versions 7.4.5 and 7.4.6 of the FortiClient EMS.
In a security advisory released on April 4, 2026, Fortinet stated, "Fortinet has observed [CVE-2026-35616] to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6." This swift acknowledgment of ongoing exploitation highlights the critical nature of this vulnerability and the urgency for users to take action.
Understanding CVE-2026-35616
CVE-2026-35616 is classified as an improper access control issue. The flaw allows an attacker to bypass the API's authentication and authorization checks, so an unauthenticated requester could execute unauthorized commands or code via specially crafted requests. It affects FortiClient EMS versions 7.4.5 and 7.4.6 only; version 7.2 is not affected.
Fortinet states that the hotfixes fully prevent exploitation. The upcoming FortiClient EMS 7.4.7 release is expected to include an additional fix for this vulnerability. The advisory does not say whether version 8.0 is affected.
CVE-2026-35616 follows closely on the heels of another critical vulnerability, CVE-2026-21643, also reported by Defused Cyber. That earlier flaw was a SQL injection issue that allowed remote, unauthenticated attackers to compromise FortiClient EMS. Although Fortinet had already issued a fix for CVE-2026-21643, it was only months later that security researchers published practical exploitation paths.
It remains unclear whether CVE-2026-35616 and CVE-2026-21643 are being exploited together. The rapid discovery and exploitation of both vulnerabilities underscores the importance of robust security practices and timely patching.
In light of these developments, organizations using FortiClient EMS should remain vigilant and proactive.
Source: Help Net Security News