What's Happening?
Fortinet has issued an out-of-band patch for a critical security flaw in FortiClient EMS, identified as CVE-2026-35616, which has been actively exploited. This vulnerability, with a CVSS score of 9.1, allows unauthenticated attackers to bypass API access controls, leading to privilege escalation. The flaw affects FortiClient EMS versions 7.4.5 through 7.4.6, with a hotfix available and a full patch expected in version 7.4.7. The vulnerability was discovered by Simo Kohonen from Defused Cyber and Nguyen Duc Anh. Exploitation attempts were first recorded on March 31, 2026, and Fortinet urges users to apply the hotfix immediately.
Why Is It Important?
The exploitation of this vulnerability poses significant risks to organizations using FortiClient EMS, as it allows attackers to execute unauthorized code or commands. This incident highlights the critical need for timely patch management and the potential consequences of delayed responses, especially during holiday periods when security teams may be understaffed. The vulnerability's exploitation underscores the importance of robust cybersecurity measures and the need for organizations to remain vigilant against emerging threats.
What's Next?
Organizations using FortiClient EMS are advised to apply the hotfix immediately and prepare for the full patch release. Security teams should remain alert for any signs of exploitation and ensure that their systems are updated to mitigate potential risks. Fortinet's response to this vulnerability will likely be scrutinized, and further updates or advisories may be issued as more information becomes available.