What's Happening?
Fortinet has released emergency hotfixes to address a critical zero-day vulnerability in its FortiClient Enterprise Management Server (EMS). The flaw, identified as CVE-2026-35616, is a critical-severity
improper access control issue that could allow remote code execution without requiring authentication. The vulnerability was discovered by the cybersecurity firm Defused, which reported it to Fortinet after observing active exploitation in the wild. Fortinet's advisory notes that remote attackers can exploit the vulnerability by sending crafted requests to vulnerable FortiClient EMS instances. The company has provided hotfixes for versions 7.4.5 and 7.4.6, while version 7.2 remains unaffected. The Shadowserver Foundation has identified approximately 2,000 FortiClient EMS instances accessible from the internet, potentially exposed to this and other vulnerabilities.
Why It's Important?
The exploitation of this zero-day vulnerability poses significant risks to organizations using FortiClient EMS, as it could lead to unauthorized access and control over affected systems. The vulnerability's ability to bypass authentication and authorization mechanisms makes it particularly dangerous, potentially allowing attackers to execute arbitrary code remotely. This incident underscores the critical need for timely security updates and the importance of responsible disclosure by cybersecurity researchers. Organizations relying on Fortinet's solutions must act swiftly to apply the provided hotfixes to mitigate the risk of exploitation. The situation highlights the broader challenges in cybersecurity, where zero-day vulnerabilities can be exploited before patches are available, emphasizing the need for robust security practices and continuous monitoring.
What's Next?
Fortinet plans to include a permanent fix for this vulnerability in the upcoming FortiClientEMS version 7.4.7. In the meantime, organizations are urged to apply the available hotfixes to protect their systems. The cybersecurity community will likely continue to monitor the situation for any further exploitation attempts or related vulnerabilities. Organizations using FortiClient EMS should remain vigilant and ensure their systems are updated promptly. The incident may prompt Fortinet and other cybersecurity firms to review their vulnerability management and disclosure processes to enhance their response to similar threats in the future.
