Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Summary
Fortinet has released emergency patches for a critical vulnerability in FortiClient EMS, identified as CVE-2026-35616. This flaw allows pre-authentication API access bypass, leading to privilege escalation, and has reportedly been exploited in the wild. The CVSS score for this vulnerability is 9.1.
IFF Assessment
This is bad news for defenders because an actively exploited critical vulnerability allows attackers to gain elevated privileges within a critical security management system.
Severity
The high CVSS score of 9.1 reflects the critical nature of the vulnerability, which allows for pre-authentication API access bypass and subsequent privilege escalation, enabling attackers to gain significant control without prior authentication.
Defender Context
Defenders need to prioritize patching FortiClient EMS systems immediately due to the active exploitation of this critical vulnerability. Monitoring for indicators of compromise related to unauthorized API access and privilege escalation attempts within their FortiClient EMS environment is crucial. This incident highlights the importance of prompt patching for critical infrastructure management tools.