Ethical Hacking News
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critically vulnerable FortiClient Enterprise Management Server (EMS) flaw by Friday, as threat actors continue to exploit it in zero-day attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies, ordering them to patch a critical FortiClient Enterprise Management Server (EMS) flaw by this Friday. The vulnerability, tracked as CVE-2026-35616, is being exploited in the wild as a zero-day, and CISA considers it a significant risk to the federal enterprise.
FortiClient EMS is the central server used to deploy, configure and monitor FortiClient endpoint agents across an organization, which is why a compromise of the server is so damaging: whoever controls EMS can push policy to every managed endpoint. According to cybersecurity firm Defused, which discovered the vulnerability, it is a pre-authentication API access bypass. In practice that means an attacker who can reach the EMS management interface over the network can call its API without logging in, and the authorization checks that normally limit what an authenticated user may do are bypassed along with the login itself.
Fortinet released emergency hotfixes over the weekend to address the vulnerability, confirming that threat actors had already been exploiting it. The company urged IT administrators to secure their EMS instances as soon as possible by applying the hotfixes now, or by upgrading to FortiClient EMS version 7.4.7 once that release is available.
The scale of the exposure makes the deadline challenging. Shadowserver, an internet security watchdog group, currently tracks nearly 2,000 FortiClient EMS instances reachable from the internet, with over 1,400 of those IP addresses, mostly in the United States and Europe, flagged as vulnerable. Shadowserver's counts do not show how many of those instances have since been hotfixed or are otherwise in a vulnerable configuration, so each organization has to verify its own EMS servers directly rather than rely on the aggregate figures.
CISA added CVE-2026-35616 to its Known Exploited Vulnerabilities (KEV) Catalog, which obliges federal civilian executive branch agencies to remediate their FortiClient EMS instances by the end of Thursday, April 9. The deadline comes from Binding Operational Directive (BOD) 22-01: every entry added to the KEV catalog carries a mandatory remediation due date for the U.S. federal agencies the directive covers.
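The practical work behind a KEV deadline is matching the catalog entry to an asset inventory and deciding which servers are still exposed and for how long. The script below is an added example, not code from the article, CISA or Fortinet. It parses a record in the shape of CISA's KEV JSON feed (the record here is constructed: its dateAdded and description are placeholders, while the CVE, product, due date and required-action text are taken from this article), compares each inventoried FortiClient EMS server against an assumed remediation rule (hotfix applied, or version 7.4.7 or later; per-branch fixes must be confirmed in the vendor advisory), and ranks the results so overdue and internet-exposed hosts come first. Host names and versions in the inventory are constructed.

```python
"""Triage an asset inventory against a CISA KEV entry and its BOD 22-01 due date.

Added example. The KEV record mirrors the schema of CISA's feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json)
but is constructed; the inventory and the remediation rule are assumptions.
"""
import json
from datetime import date

# Constructed sample record. cveID, product, dueDate and requiredAction follow the
# article; dateAdded, description and vulnerabilityName are placeholders.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "count": 1,
    "vulnerabilities": [{
        "cveID": "CVE-2026-35616",
        "vendorProject": "Fortinet",
        "product": "FortiClient EMS",
        "vulnerabilityName": "placeholder - see the Fortinet advisory",
        "dateAdded": "2026-04-06",
        "shortDescription": "placeholder - pre-authentication API access bypass",
        "requiredAction": ("Apply mitigations per vendor instructions, follow applicable "
                           "BOD 22-01 guidance for cloud services, or discontinue use of "
                           "the product if mitigations are unavailable."),
        "dueDate": "2026-04-09",
        "knownRansomwareCampaignUse": "Unknown",
        "notes": "",
    }],
})

# Team-maintained mapping from CVE to the remediation check. ASSUMPTION for this
# example: an EMS server counts as remediated at 7.4.7 or later, or with the
# vendor hotfix applied. Confirm per-branch fixed builds in the vendor advisory.
REMEDIATION = {
    "CVE-2026-35616": {"product": "FortiClient EMS", "fixed_version": "7.4.7"},
}

# Constructed inventory; a real one would come from a CMDB or the vendor console.
INVENTORY = [
    {"host": "ems-hq.example.internal", "product": "FortiClient EMS",
     "version": "7.4.6", "hotfix": False, "internet_exposed": True},
    {"host": "ems-lab.example.internal", "product": "FortiClient EMS",
     "version": "7.4.6", "hotfix": True, "internet_exposed": False},
    {"host": "ems-eu.example.internal", "product": "FortiClient EMS",
     "version": "7.4.7", "hotfix": False, "internet_exposed": True},
    {"host": "fw-edge.example.internal", "product": "FortiGate",
     "version": "7.4.9", "hotfix": False, "internet_exposed": True},
]

STATUS_RANK = {"overdue": 0, "due": 1, "remediated": 2}


def parse_version(text):
    """'7.4.7' -> (7, 4, 7); tuples compare correctly, unlike raw strings."""
    return tuple(int(part) for part in text.split("."))


def load_kev(text):
    """Index a KEV feed document by CVE ID."""
    return {entry["cveID"]: entry for entry in json.loads(text)["vulnerabilities"]}


def triage(kev_text, inventory, today, rules=REMEDIATION):
    """Return one finding per (CVE, matching asset), most urgent first."""
    kev = load_kev(kev_text)
    findings = []
    for cve, rule in rules.items():
        entry = kev.get(cve)
        if entry is None:          # not (yet) in the catalog: no BOD 22-01 deadline
            continue
        due = date.fromisoformat(entry["dueDate"])
        fixed = parse_version(rule["fixed_version"])
        for asset in inventory:
            if asset["product"].lower() != rule["product"].lower():
                continue
            remediated = asset["hotfix"] or parse_version(asset["version"]) >= fixed
            if remediated:
                status = "remediated"
            elif today > due:      # BOD 22-01 deadlines run to the end of the due date
                status = "overdue"
            else:
                status = "due"
            findings.append({
                "cve": cve, "host": asset["host"], "status": status,
                "due": entry["dueDate"], "days_left": (due - today).days,
                "exposed": asset["internet_exposed"],
            })
    # Overdue first, then internet-exposed, then fewest days remaining.
    findings.sort(key=lambda f: (STATUS_RANK[f["status"]], not f["exposed"], f["days_left"]))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date(2026, 4, 7)):
        print(f"{f['status']:<11} {f['host']:<28} due {f['due']} "
              f"({f['days_left']:+d} days) exposed={f['exposed']}")
```

Run it as-is to see the ranking for April 7; change the date argument to April 10 and the unpatched, internet-facing host flips to overdue. Swapping `KEV_SAMPLE` for the downloaded feed and `INVENTORY` for a CMDB export is the only change needed to use it for real.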
"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned in its directive. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
The urgency is warranted. Fortinet products have a long record of exploitation in cyber espionage campaigns and ransomware attacks, frequently as zero-days before a fix exists. The most recent example before this one is CVE-2026-24858, which was also discovered by Defused.
Patching this vulnerability should therefore be the top priority for any organization running FortiClient EMS, federal agency or not: applying the hotfix closes the hole that is being exploited today, and keeping the management server on a supported, fixed release limits its usefulness as a foothold in future campaigns.
In short, CISA's order to patch the exploited Fortinet EMS flaw by Friday is a reminder that internet-facing management servers are a favored target, and that the gap between public disclosure and remediation is where attackers operate. Agencies and enterprises alike should apply the hotfix, confirm their EMS instances are no longer exposed, and watch for follow-on guidance from Fortinet and CISA.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Orders-Federal-Agencies-to-Patch-Exploited-Fortinet-EMS-Flaw-by-Friday-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/
https://netcrook.com/cisa-fortinet-ems-flaw-patch-deadline/
https://www.crn.com/news/security/2025/cisa-multiple-fortinet-products-exploited-in-attacks-rapid-patching-urged
Published: Mon Apr 6 13:08:17 2026 by llama3.2 3B Q4_K_M