Fortinet Issues Emergency Patch for FortiClient Zero-Day

Fortinet has released an emergency patch for a critical authentication bypass vulnerability (CVE-2026-35616) affecting FortiClient. The flaw is actively being exploited in the wild, representing an immediate risk to organizations using affected Fortinet products. This zero-day represents the latest in a concerning series of Fortinet vulnerabilities that threat actors have targeted. Organizations should prioritize patching FortiClient installations immediately to prevent unauthorized access, as authentication bypass vulnerabilities can allow attackers to gain initial access or escalate privileges without valid credentials. Network segmentation and monitoring for indicators of compromise are recommended until patches are applied.

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.

Fortinet has released an emergency patch for a critical authentication bypass vulnerability (CVE-2026-35616) affecting FortiClient. The flaw is actively being exploited in the wild, representing an immediate risk to organizations using affected Fortinet products. This zero-day represents the latest in a concerning series of Fortinet vulnerabilities that threat actors have targeted. Organizations should prioritize patching FortiClient installations immediately to prevent unauthorized access, as authentication bypass vulnerabilities can allow attackers to gain initial access or escalate privileges without valid credentials. Network segmentation and monitoring for indicators of compromise are recommended until patches are applied. The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild. The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.