← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-35616 — Actively Exploited: FortiClient EMS (Fortinet)

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

CVE IDCVE-2026-35616
VendorFortinet
ProductFortiClient EMS
Vulnerability nameFortinet FortiClient EMS Improper Access Control Vulnerability
Date added2026-04-06
Remediation due2026-04-09
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionFortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →