New FortiClient EMS flaw exploited in attacks, emergency patch released

Fortinet released an emergency patch for CVE-2026-35616, a critical pre-authentication RCE vulnerability in FortiClient EMS 7.4.5 and 7.4.6. This flaw is actively exploited in the wild with over 2,000 exposed instances identified online. Any organization running vulnerable versions faces immediate risk of unauthenticated remote code execution.

CRITICAL | Advisory | Apr 06, 2026
Action required
Immediately identify and inventory all FortiClient EMS 7.4.5 and 7.4.6 instances in your environment. Apply the hotfix or upgrade to 7.4.7 today. Hunt for exploitation attempts in API access logs targeting unauthenticated endpoints, and monitor affected systems for unexpected RCE activity.
Affected products
Fortinet FortiClient EMS