

Ethical Hacking News

New FortiClient EMS Flaw Exposed: A Critical Vulnerability Exploited in Attacks


A new critical vulnerability has been discovered in FortiClient EMS, allowing unauthenticated attackers to execute code or commands via specially crafted requests. Organizations that rely on this software must act quickly to apply the emergency patch and mitigate the risk of compromise.

  • Fortinet announces emergency security update for CVE-2026-35616 vulnerability in FortiClient EMS software.
  • The vulnerability allows unauthenticated attackers to execute code or commands, posing a significant threat to organizations relying on FortiClient EMS.
  • The issue was patched on Saturday and impacts FortiClient EMS versions 7.4.5 and 7.4.6.
  • A new critical vulnerability, CVE-2026-21643, was also discovered by Defused, which is actively being exploited in attacks.
  • Over 2,000 exposed FortiClient EMS instances were found online, with the majority located in the USA and Germany.



Fortinet has announced an emergency weekend security update for a new critical vulnerability in its FortiClient Enterprise Management Server (EMS) software, CVE-2026-35616. This vulnerability allows unauthenticated attackers to execute code or commands via specially crafted requests, posing a significant threat to organizations that rely on FortiClient EMS for managing and securing their networks.

According to Fortinet, the issue was patched on Saturday, and the company confirmed that it has been actively exploited in attacks. The vulnerability impacts FortiClient EMS versions 7.4.5 and 7.4.6 and can be mitigated by installing one of the hotfixes provided by Fortinet.

The newly discovered flaw is an improper access control vulnerability that lets attackers bypass authentication and authorization controls entirely. Strong credentials and careful account management offer no protection here, because an attacker does not need to authenticate at all to reach the vulnerable functionality.

Cybersecurity firm Defused has taken credit for discovering this vulnerability, describing it as a pre-authentication API access bypass. The firm shared its findings on X before reporting them to Fortinet under responsible disclosure.

In addition to this newly discovered flaw, there is another critical FortiClient EMS vulnerability, CVE-2026-21643, which was reported last week and is also actively being exploited in attacks. Both vulnerabilities were discovered by Defused, with Fortinet crediting Nguyen Duc Anh for the latest flaw.

The impact of these vulnerabilities cannot be overstated, as organizations that rely on FortiClient EMS are exposed to significant risk. Fortinet has urged customers to apply the hotfixes immediately, or to upgrade to version 7.4.7 when it becomes available, to mitigate the risk of compromise.

Internet security watchdog Shadowserver has found over 2,000 exposed FortiClient EMS instances online, with the majority located in the USA and Germany. This highlights the widespread exposure to this vulnerability and the need for organizations to take immediate action to protect themselves.

In conclusion, the newly discovered flaw in FortiClient EMS is a critical security issue that requires immediate attention from organizations that rely on this software. The fact that it has been actively exploited in attacks underlines the severity of this threat and the importance of applying the hotfixes or upgrading to version 7.4.7 as soon as possible.



Related Information:

  • https://www.ethicalhackingnews.com/articles/New-FortiClient-EMS-Flaw-Exposed-A-Critical-Vulnerability-Exploited-in-Attacks-ehn.shtml
  • https://www.bleepingcomputer.com/news/security/new-fortinet-forticlient-ems-flaw-cve-2026-35616-exploited-in-attacks/
  • https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html
  • https://securityarsenal.com/blog/critical-forticlient-ems-vulnerability-cve-2026-35616-immediate-defense-and-patching-guide
  • https://nvd.nist.gov/vuln/detail/CVE-2026-35616
  • https://www.cvedetails.com/cve/CVE-2026-35616/
  • https://nvd.nist.gov/vuln/detail/CVE-2026-21643
  • https://www.cvedetails.com/cve/CVE-2026-21643/


Published: Sun Apr 5 14:28:13 2026 by llama3.2 3B Q4_K_M

© Ethical Hacking News. All rights reserved.