{"id":231913,"date":"2026-04-06T17:14:00","date_gmt":"2026-04-06T21:14:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending\/"},"modified":"2026-04-06T17:55:17","modified_gmt":"2026-04-06T21:55:17","slug":"fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending\/","title":{"rendered":"Fortinet customers confront actively exploited zero-day, with a full patch still pending"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/\">Fortinet customers confront actively exploited zero-day, with a full patch still pending<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/\">https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-06 17:14:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices.<\/p>\n<p>The zero-day vulnerability \u2014 CVE-2026-35616 \u2014 has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency\u2019s known exploited vulnerability catalog Monday.\u00a0<\/p>\n<p>Fortinet said in a Saturday security advisory that it has seen the vulnerability being actively exploited in the wild.\u00a0 The company issued a hotfix and plans to release a more comprehensive software update later, though that update is not yet available.<\/p>\n<p>The security vendor did not say when the earliest known exploit occurred nor how many instances have already been impacted.\u00a0<\/p>\n<p>Unknown attackers were first observed attempting to exploit the vulnerability March 31, Benjamin Harris, founder and CEO at watchTowr, told CyberScoop.\u00a0<\/p>\n<p>\u201cExploitation attempts and probes were initially limited, reflecting typical attacker desire to try and keep usage of a zero-day from discovery and observation,\u201d he added. \u201cAs of April 6, given attention and Fortinet issuing a hotfix, exploitation has ramped up, indicating growing attacker interest and likely broader targeting.\u201d<\/p>\n<p>Shadowserver scans found nearly 2,000 publicly exposed instances of FortiClient EMS on Sunday. It\u2019s unclear how many of those instances are running vulnerable versions of the software.<\/p>\n<p>The recently discovered zero-day shares similarities with CVE-2026-21643, another unauthenticated FortiClient EMS defect that Fortinet disclosed Feb. 6. The vendor and cyber authorities last week warned that CVE-2026-21643 has been exploited in the wild.\u00a0<\/p>\n<p>Researchers have yet to find any significant link between the vulnerabilities or attribute the attacks to known threat actors, but both defects were actively exploited in a short timeframe and both allow attackers to execute code remotely.\u00a0<\/p>\n<p>\u201cFortinet solutions&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet customers confront actively exploited zero-day, with a full patch still pending https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":231914,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/04\/GettyImages-1797826758-1.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-231913","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231913"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=231913"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231913\/revisions"}],"predecessor-version":[{"id":231915,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231913\/revisions\/231915"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/231914"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=231913"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=231913"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=231913"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}