Vulnerability intelligence
CVE-2026-35616
Fortinet FortiClient EMS Improper Access Control Vulnerability
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVSS Score
9.1
Critical
EPSS — Exploit Probability
35%
Riskier than 97% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-09
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-09.
11 articles across 8 outlets · first covered Apr 5, 2026 · latest May 31, 2026
Coverage timeline
- FortiClient EMS flaw used to deploy EKZ Infostealer via fake patch · securityaffairs.com · May 28, 2026
- FortiClient EMS bug exploited to deliver EKZ Infostealer · www.securityweek.com · May 28, 2026
- FortiClient EMS flaw used to drop EKZ Infostealer via fake updates · securityonline.info · May 28, 2026
- CISA adds critical Ivanti EPMM flaw to KEV after PoC release · securityaffairs.com · Apr 8, 2026
- CISA Warns of Fortinet FortiClient EMS Flaw Allowing RCE · www.cisa.gov · Apr 7, 2026
- Fortinet issues fix for FortiClient EMS zero day CVE-2026-35616 · www.darkreading.com · Apr 6, 2026
- CISA Adds CVE-2026-35616 to Known Exploited Vulnerabilities Catalogue · cisa.gov · Apr 6, 2026
- Fortinet warns of critical CVE-2026-35616 flaw in FortiClient EMS · socradar.io · Apr 6, 2026
- Fortinet Rushes Emergency Fixes for Exploited Zero-Day · www.securityweek.com · Apr 6, 2026
- CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw · securityaffairs.com · Apr 6, 2026
- Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS · thehackernews.com · Apr 5, 2026