vulnerability • critical • Privilege Escalation • Zero-day Exploit • CVE-2026-35616

Apr 05, 2026 • The Hacker News

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS


Source: The Hacker News
Category: vulnerability
Severity: critical

Executive Summary

Fortinet has released out-of-band patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS with a CVSS score of 9.1. The flaw is a pre-authentication API access bypass (CWE-284) that enables privilege escalation and has been actively exploited in the wild. Organizations using FortiClient EMS should apply patches immediately to prevent potential compromise. The vulnerability allows unauthorized access before authentication, posing significant risk to enterprise endpoints managed through the EMS platform.

Summary

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. "An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an


Linked Entities

  • CVE-2026-35616