A critical vulnerability in FortiClient Enterprise Management Server (EMS), identified as CVE-2026-35616, is being exploited by hackers to bypass authentication and distribute an infostealer malware known as EKZ. This previously undisclosed credential stealer is being pushed to vulnerable systems, allowing attackers to harvest sensitive information. Exploiting the flaw gives attackers unauthorized access to FortiClient EMS, which can have severe consequences for affected organizations. The vulnerability is particularly concerning because it can be leveraged to compromise the security of managed endpoints [1]. Given the expanded attack surface, organizations using FortiClient EMS should prioritize patching and monitor their systems for signs of exploitation. The vulnerability poses a significant risk to organizations, and security practitioners should take immediate action to mitigate potential threats.
Hackers exploit FortiClient EMS flaw to push infostealer malware
⚠️ Critical Alert
Why This Matters
CVE-2026-35616 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- Lawrence Abrams. (2026, May 28). Hackers exploit FortiClient EMS flaw to push infostealer malware. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/hackers-exploit-forticlient-ems-flaw-to-push-infostealer-malware/
Original Source
BleepingComputer