A critical zero-day vulnerability in FortiClient Endpoint Management Server, tracked as CVE-2026-35616, has been exploited by hackers since late March, allowing unauthenticated attackers to remotely execute arbitrary code on affected systems1. Fortinet has responded by releasing an emergency hotfix to mitigate the flaw, which carries a severity rating of 9. The vulnerability affects organizations that use FortiClient EMS to manage and monitor endpoint systems, potentially compromising the security of entire networks. The hotfix is intended as a temporary solution until a patched version of FortiClient EMS can be released. Given the active exploitation of this flaw, practitioners should prioritize applying the emergency hotfix to prevent potential breaches. The exploitation status of CVE-2026-35616 determines whether this is a patch-now or monitor situation, making it essential for organizations to stay informed about the latest developments.