Critical FortiClient EMS Authentication Bypass Exploited in Wild. CVE-2026-35616 (CVSS 9.1) allows attackers to forge HTTP headers and gain full administrator access to FortiClient EMS without authentication. Active exploitation is deploying EKZ credential stealer malware disguised as legitimate Fortinet updates.
Palo Alto Networks PAN-OS Authentication Bypass Added to KEV. CISA added CVE-2026-0257 to the Known Exploited Vulnerabilities catalog after confirming active exploitation of the authentication bypass flaw.
Unpatched Gogs Zero-Day Enables RCE via Branch Names. A CVSS 9.4 vulnerability allows authenticated users to execute arbitrary code by injecting malicious branch names into pull requests, exploiting git rebase operations. The flaw remains unpatched despite March disclosure.
Pre-Auth RCE in Marimo Notebook Framework. CVE-2026-39987 (CVSS 9.3) enables unauthenticated attackers to achieve root code execution via a single WebSocket handshake in Marimo Python notebook environments.
Key Takeaway
Prioritize patching authentication bypass vulnerabilities in FortiClient EMS and PAN-OS immediately, as both are under active exploitation.
