CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

Summary On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability ... CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

Summary On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability ... CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS Summary On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability ... CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS