Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released emergency patches for CVE-2026-35616, a critical pre-authentication RCE vulnerability in FortiClient EMS 7.4.5-7.4.6 (CVSS 9.1). This vulnerability is actively being exploited in the wild as of March 31, 2026. Unauthenticated attackers can execute arbitrary code via malicious API requests.

CRITICALAdvisoryApr 06, 2026

Action required

Immediately patch all FortiClient EMS instances to the latest patched version. If patching cannot be completed today, isolate affected EMS servers from production networks and monitor API traffic for suspicious requests to unauthenticated endpoints.

Affected products

FortinetFortiClient EMS

CVE IDs

CVE-2026-35616

Linked articles

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Source links

https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html