According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog lists CVE-2026-35616 as an Improper Access Control vulnerability affecting Fortinet FortiClient EMS, which may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. The entry identifies Fortinet FortiClient EMS as the affected vendor/project, and its mitigation guidance is to apply vendor instructions or discontinue use if mitigations are unavailable.
The entry's Date Added is 2026-04-06 and its Due Date is 2026-04-09. The catalog also states that it is unknown whether the vulnerability has been used in ransomware campaigns. Additional notes advise following Fortinet’s guidelines to assess exposure and mitigate risks, and direct readers to FortiGuard/Fortinet PSIRT and NIST for more information. The entry for this Fortinet CVE is accompanied by links to Fortinet’s advisories and the NVD page for CVE-2026-35616.