A critical zero-day vulnerability, CVE-2026-35616, is being actively exploited in Fortinet's FortiClient EMS, prompting the company to release an emergency software update. This vulnerability has a CVSS rating of 9.8, indicating a high level of severity, and has been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog [1]. Fortinet has confirmed that the vulnerability is being exploited in the wild and has issued a hotfix to mitigate the issue, with a more comprehensive software update pending. The exploitation status of CVE-2026-35616 warrants immediate attention, as it determines whether this is a patch-now or monitor situation. This vulnerability poses a significant risk to Fortinet customers, and practitioners should prioritize patching or implementing mitigations to prevent potential attacks, as the absence of a full patch leaves systems vulnerable to exploitation.
Fortinet customers confront actively exploited zero-day, with a full patch still pending
⚠️ Critical Alert
Why This Matters
CVE-2026-35616 is in active discussion involving Fortinet — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, April 6). Fortinet customers confront actively exploited zero-day, with a full patch still pending. CyberScoop. https://cyberscoop.com/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited/