Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
05 April 2026
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation.
"An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an