What's Happening?
Fortinet has released emergency patches to address a critical vulnerability in its FortiClient Enterprise Management Server (EMS) that has been actively exploited as a zero-day. The flaw, identified as CVE-2026-35616, is an improper access control issue that could allow remote code execution without authentication. Fortinet has observed active exploitation of this vulnerability and has provided hotfixes for FortiClient EMS versions 7.4.5 and 7.4.6, with a full fix expected in version 7.4.7. The vulnerability was reported by the cybersecurity firm Defused, which noted that attackers could bypass API authentication and authorization. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply the patch by April 9.
Why It's Important?
The exploitation of this zero-day vulnerability poses significant risks to organizations using FortiClient EMS, particularly those with internet-exposed instances. The vulnerability allows attackers to execute code remotely without authentication, potentially leading to unauthorized access and data breaches. The urgency is underscored by the fact that this is the second unauthenticated vulnerability in FortiClient EMS in recent weeks. Organizations are advised to treat this as an emergency and apply the hotfixes immediately to mitigate the risk of exploitation. The inclusion of this vulnerability in CISA's catalog highlights its severity and the need for prompt action by federal agencies and other stakeholders.
What's Next?
Organizations using FortiClient EMS should prioritize applying the available hotfixes to protect against potential attacks. Fortinet plans to release a comprehensive fix in the upcoming version 7.4.7. Meanwhile, cybersecurity firms and agencies will likely continue monitoring for further exploitation attempts and may issue additional guidance as needed. The situation underscores the importance of maintaining up-to-date security measures and being vigilant against emerging threats.






