theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2026-35616

CISA KEV

Published April 6, 2026 · Updated April 7, 2026

high

What This Means

CVE-2026-35616 is a high-severity vulnerability in Fortinet's FortiClient EMS that stems from improper access controls. An unauthenticated attacker can exploit this flaw to execute unauthorized code or commands through specially crafted requests. To mitigate this risk, immediately apply any available patches from Fortinet and review access controls and authentication mechanisms in your environment.

Official Description+

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Affected Products

VendorProduct
FortinetFortiClient EMS

Patch Status

Patch by 2026-04-09

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2026-35616.