BeyondMachines 2d ago

Fortinet Issues Emergency Hotfix for Actively Exploited FortiClient EMS Zero-Day

Fortinet has released emergency hotfix for an actively exploited critical zero-day vulnerability (CVE-2026-35616) in FortiClient EMS that allows unauthenticated attackers to bypass API security and run arbitrary commands.

**If you use FortiClient EMS versions 7.4.5 or 7.4.6, apply Fortinet's emergency hotfix ASAP. It's being actively exploited andcan give attackers full control of your endpoint management server. While you're at it, check your EMS API logs for any signs of unauthorized access or unusual command execution that might indicate you've already been compromised.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/fortinet-issues-emergency-hotfix-for-actively-exploited-forticlient-ems-zero-day-p-2-q-w-2/gD2P6Ple2L

Show threadthreatchain
@beyondmachines1 Worth noting that this vuln affects the EMS server itself, not individual endpoints. So if you're running centralized management, prioritize patching the server over client rollouts. Also, consider temporarily restricting API access from untrusted networks while you patch.
Apr 6 at 9:25pmWeb