DEV Community

Mark0

Fortinet Issues Emergency Patch for FortiClient Zero-Day

Fortinet has released an emergency patch for a critical zero-day vulnerability in its FortiClient Endpoint Management Server (EMS) software. Tracked as CVE-2026-35616, the flaw is an improper access control issue with a CVSS score of 9.1. It allows unauthenticated attackers to execute commands or code via specially crafted requests, and active exploitation has already been confirmed in the wild.

The vulnerability was discovered by researchers from Defused, who detected it through large-scale anomaly detection systems. While current exploitation appears limited to a single exploit origin, CISA has already added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by April 9. This incident follows a series of recent attacks targeting Fortinet products, including SQL injection and command-injection flaws.

