A critical vulnerability in Fortinet FortiClient EMS, tracked as CVE-2026-35616 with a CVSS score of 9.1, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog [1]. The flaw, categorized as an improper access issue, is being actively exploited in the wild, prompting Fortinet to release out-of-band patches. The high severity score and active exploitation status call for prompt attention from security teams. Given its inclusion in CISA's catalog, organizations using FortiClient EMS should prioritize patching to prevent potential attacks. Because CVE-2026-35616 is already being exploited in attacks, this is a patch-now situation for many organizations: what matters most to practitioners is applying the available patches promptly.