{"id":231766,"date":"2026-04-06T11:01:00","date_gmt":"2026-04-06T15:01:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/critical-flaw-in-forticlient-ems-under-exploitation\/"},"modified":"2026-04-06T11:15:10","modified_gmt":"2026-04-06T15:15:10","slug":"critical-flaw-in-forticlient-ems-under-exploitation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/critical-flaw-in-forticlient-ems-under-exploitation\/","title":{"rendered":"Critical flaw in FortiClient EMS under exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-forticlient-ems-exploitation\/816699\/\">Critical flaw in FortiClient EMS under exploitation<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-forticlient-ems-exploitation\/816699\/\">https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-forticlient-ems-exploitation\/816699\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-06 11:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p><span><span><span><span><span><span>Fortinet on Saturday warned that a critical zero-day vulnerability in its FortiClient Endpoint Management Server platform is under active exploitation.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The improper access control vulnerability, tracked as <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>CVE-2026-35616<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, allows an unauthenticated attacker to execute unauthorized code or commands by using specially crafted requests.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Fortinet\u00a0urged customers to immediately install an emergency hotfix for FortiClient EMS 
7.4.5 and 7.4.6\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>in an advisory issued Saturday.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> The upcoming FortiClient EMS 7.4.7 release will include a patched version, but in the meantime, the emergency hotfixes should solve the problem, according to the company.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The company did not specify how long it would take for the 7.4.7 version to be released.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Researchers at the vulnerability research firm Defused reported the issue to Fortinet after detecting in-the-wild exploitation activity through its honeypots last week, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>according to a post on LinkedIn<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span>.<\/p>\n<p><span><span><span><span><span><span><span>\u201cThis vulnerability allows attackers to bypass authentication by spoofing a specific access header and, through this, getting access to the back end,\u201d Defused founder and CEO Simo Kohonen told Cybersecurity Dive.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Fortinet acknowledged the vulnerability on Friday and released the advisory on Saturday,\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>Kohonen said. 
Fortinet also thanked researcher Nguyen Duc Anh for additional work to disclose the flaw.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Shadowserver Foundation on Sunday warned that CVE-2026-3516, as well as <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>CVE-2026-21643<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, an improper neutralization of special elements flaw in FortiClient EMS 7.4.4, are both being exploited in the wild.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Researchers at watchTowr warned the rapid succession of security flaws, combined with the Easter holiday weekend, could make mitigation of the FortiClient vulnerabilities more challenging.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cThis is the second unauthenticated vulnerability in FortiClient EMS in a matter of weeks,\u201d watchTowr CEO Benjamin Harris told Cybersecurity Dive. 
\u201cSo, once again, organizations&#8230;<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-forticlient-ems-exploitation\/816699\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical flaw in FortiClient EMS under exploitation https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-forticlient-ems-exploitation\/816699\/ Publish Date: 2026-04-06 11:01:00 Source Domain: www.cybersecuritydive.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":231767,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/95OiTyZdLNwMj1EQZxvuZoIJ7JHhLXNAsH9Mqjf_Vbs\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9GVE5ULTkwOS1raWZlci0wNS5qcGc=.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,89,57,27],"class_list":["post-231766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-flaw","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231766"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=231766"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231766\/revisions"}],"predecessor-version":[{"id":231768,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231766\/revisions\/231768"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/m
edia\/231767"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=231766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=231766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=231766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}