{"id":231304,"date":"2026-04-05T00:32:00","date_gmt":"2026-04-05T04:32:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/05\/fortinet-patches-actively-exploited-cve-2026-35616-in-forticlient-ems\/"},"modified":"2026-04-05T01:35:15","modified_gmt":"2026-04-05T05:35:15","slug":"fortinet-patches-actively-exploited-cve-2026-35616-in-forticlient-ems","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/05\/fortinet-patches-actively-exploited-cve-2026-35616-in-forticlient-ems\/","title":{"rendered":"Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/fortinet-patches-actively-exploited-cve.html\">Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/fortinet-patches-actively-exploited-cve.html\">https:\/\/thehackernews.com\/2026\/04\/fortinet-patches-actively-exploited-cve.html<\/a><\/p>\n<p>Publish Date: 2026-04-05 00:32:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Apr 05, 2026<\/span><\/span> <span class=\"p-tags\">Vulnerability \/ API Security<\/span><\/p>\n<p>Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the\u00a0wild.<\/p>\n<p>The\u00a0vulnerability, tracked\u00a0as <strong>CVE-2026-35616<\/strong> (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation.<\/p>\n<p>&#8220;An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests,&#8221;\u00a0Fortinet said in a Saturday\u00a0advisory.<\/p>\n<p>The\u00a0issue 
affects FortiClient EMS versions 7.4.5\u00a0through 7.4.6. It&#8217;s expected to be fully patched in the upcoming version 7.4.7, although the company\u00a0has released a\u00a0hotfix to address\u00a0it.\u00a0<\/p>\n<p>Simo\u00a0Kohonen from Defused Cyber and Nguyen Duc Anh have been credited with discovering and reporting the flaw. In\u00a0a post on X, Defused\u00a0Cyber said it observed zero-day exploitation of CVE-2026-35616 earlier this week. According to watchTowr, exploitation attempts against CVE-2026-35616 were first recorded against its honeypots on March 31,\u00a02026.<\/p>\n<p>Successful exploitation of the flaw could allow an unauthenticated attacker to sidestep API authentication and authorization protections, and execute malicious code or commands via crafted\u00a0requests.\u00a0<\/p>\n<p>&#8220;Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5\u00a0and 7.4.6,&#8221; the company\u00a0added.<\/p>\n<p>The\u00a0development comes merely days after\u00a0another recently-patched, critical vulnerability in FortiClient EMS\u00a0(CVE-2026-21643, CVSS score: 9.1) came under active exploitation. 
It&#8217;s currently not known whether the same threat actor is behind the exploitation of both flaws, or whether they are being weaponized\u00a0together.<\/p>\n<p>Given\u00a0the severity of the vulnerabilities, users are advised to update their FortiClient EMS to the latest version as soon as\u00a0possible.<\/p>\n<p>&#8220;The timing of the ramp-up of in-the-wild&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/fortinet-patches-actively-exploited-cve.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS https:\/\/thehackernews.com\/2026\/04\/fortinet-patches-actively-exploited-cve.html Publish Date: 2026-04-05 00:32:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":231305,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh61_DDvLhdLZ8tHMrmQ8XlQ1vWwnEk-2lmYFnjw_1ZvJ4IUB4G7ffXU8pSd7JDknP0bqyaVVOTb1HJ62ujlQ_zfG3Lc7XMtLKUuZTO6v4jgrdqon90wrix6EaQNKtou3yz7Txf3ni5JOVn-D1-OcHB7e-UDxQI2ifZOBHAeDwFBnwAfanSeFn8EyP8oilj\/s16000\/fortinet.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,89,57,34,27],"class_list":["post-231304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-flaw","tag-security","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231304"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=231304
"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231304\/revisions"}],"predecessor-version":[{"id":231306,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231304\/revisions\/231306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/231305"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=231304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=231304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=231304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}