CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added a new vulnerability, CVE-2026-35616 concerning an Improper Access Control vulnerability in Fortinet FortiClient EMS, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation, highlighting significant risks to federal networks and urging all organizations to prioritize remediation.
IFF Assessment
The addition of a known exploited vulnerability to CISA's KEV catalog signifies an active threat that defenders must address.
Severity
Defender Context
This update emphasizes the importance of actively managing and patching vulnerabilities identified in the KEV catalog, as they represent actively exploited threats. Defenders should ensure their vulnerability management programs prioritize these known exploited flaws to reduce their attack surface against common and high-impact threats.