CVE-2026-35616

This vulnerability is like leaving a door unlocked so someone outside can walk in and operate the system without permission. With specially crafted requests, an attacker may be able to trigger actions that should only be available to authorized users—potentially including running unauthorized code or commands.

This matters to you if you use or manage Fortinet FortiClientEMS version 7.4.5, 7.4.6 (including Fortinet FortiClientEMS installations used for device management). It does not affect every Fortinet product—this specific issue is tied to FortiClientEMS in that version range.

This is RED because it is being exploited “in the wild,” and known exploited by CISA (KEV) indicates real-world attacker activity. The combination of a critical impact and very high likelihood of exploitation means you should treat this as an urgent patch/deployment issue rather than something to schedule for later.

1. Immediately update Fortinet FortiClientEMS off versions 7.4.5 and 7.4.6 to a fixed release (ask your IT/vendor for the exact patched version). 2) If you cannot update right away, restrict network access to FortiClientEMS so it is not reachable from the internet. 3) Check with your IT person whether your FortiClientEMS instance is exposed externally and confirm it is patched as soon as possible.