Fortinet has issued an out-of-band patch for a critical vulnerability, CVE-2026-35616, affecting FortiClient EMS, which has been exploited in the wild1. This pre-authentication API access bypass flaw allows for privilege escalation, with a CVSS score of 9.1, indicating a high level of severity. The vulnerability is attributed to an improper access control issue, classified as CWE-284, enabling unauthorized access to sensitive resources. As a result, Fortinet has released emergency patches to mitigate the risk of further exploitation. The fact that this vulnerability is being actively exploited underscores the urgency of applying the patch immediately. This matters to security practitioners because the exploitation status of CVE-2026-35616 dictates whether this is a patch-now situation or a monitor-and-wait scenario, and given its current active exploitation, prompt action is warranted.
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
⚠️ Critical Alert
Why This Matters
CVE-2026-35616 is in active discussion involving Fortinet — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, April 5). Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS. *The Hacker News*. https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html
Original Source
The Hacker News
Read original →