Fortinet has issued an out-of-band patch for a critical security vulnerability in FortiClient EMS, which has been actively exploited by attackers in the wild.

The vulnerability, identified as CVE-2026-35616 with a CVSS score of 9.1, is a pre-authentication API access bypass that can lead to privilege escalation, allowing unauthorized users to gain elevated access to sensitive systems and data.

The flaw is classified as improper access control (CWE-284): FortiClient EMS fails to enforce authorization on the affected API, so an attacker can bypass the security controls and reach functionality that should require proper authorization.

The patch released by Fortinet aims to address this critical vulnerability, and users are advised to apply the update as soon as possible to prevent potential attacks.

It is essential for organizations using FortiClient EMS to prioritize the application of this patch, given the vulnerability’s high CVSS score and the fact that it is being actively exploited.

By applying the patch, organizations can mitigate the risk of a potential breach and protect their systems and data from unauthorized access.
