Fortinet has released out-of-band hotfixes for a critical pre-authentication API access bypass in FortiClient EMS (CVE-2026-35616) that has been exploited in the wild. Customers running FortiClient EMS 7.4.5–7.4.6 should apply the hotfix or update to 7.4.7 immediately to prevent unauthenticated privilege escalation and remote code execution. #FortiClientEMS #CVE-2026-35616
Key points
- FortiClient EMS has a pre-authentication API access bypass tracked as CVE-2026-35616 with a CVSS score of 9.1.
- The vulnerability enables unauthenticated attackers to bypass API authentication and execute unauthorized code or commands.
- Hotfixes are available for FortiClient EMS 7.4.5 and 7.4.6, with a full fix expected in 7.4.7.
- Researchers Simo Kohonen (Defused Cyber) and Nguyen Duc Anh reported the flaw, and exploitation was observed in the wild.
- Organizations exposed to the Internet should treat this as an emergency and apply the hotfix or update immediately.
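The triage the summary calls for (identify EMS hosts in the affected version range, then prioritize the Internet-exposed ones) can be scripted against an asset inventory. The example below is added here and is not Fortinet's tooling or code from the linked article; the affected range 7.4.5–7.4.6 and the fixed version 7.4.7 are taken from the summary above, the inventory records are constructed, and the assumption that versions outside that range are unaffected reflects only what this summary states.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Version bounds as stated in the advisory summary (assumption: nothing outside
# this range is affected, which is all this summary tells us).
AFFECTED_MIN = (7, 4, 5)
AFFECTED_MAX = (7, 4, 6)
FIXED_VERSION = (7, 4, 7)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Normalize a FortiClient EMS version string to a (major, minor, patch) tuple.

    Build suffixes such as '7.4.6-build2014' or '7.4.6+hf1' are dropped, and a
    missing component is treated as 0, so '7.4' becomes (7, 4, 0).
    """
    core = version.strip().split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".") if p]
    parts = (parts + [0, 0, 0])[:3]
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True when the version falls inside the affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


@dataclass
class EmsHost:
    """One EMS server from a (constructed) asset inventory."""
    name: str
    version: str
    internet_exposed: bool
    hotfix_applied: bool = False


def classify(host: EmsHost) -> Optional[str]:
    """Return a remediation priority for an affected host, or None if unaffected."""
    if not is_affected(host.version):
        return None
    if host.hotfix_applied:
        return "P3: hotfix applied, schedule upgrade to 7.4.7"
    if host.internet_exposed:
        return "P1: Internet-exposed and unpatched, apply hotfix or upgrade now"
    return "P2: unpatched, apply hotfix or upgrade"


def triage(hosts: List[EmsHost]) -> List[Tuple[str, str]]:
    """List (host name, action) for every affected host, highest priority first."""
    findings = []
    for host in hosts:
        action = classify(host)
        if action is not None:
            findings.append((host.name, action))
    # The "P1" < "P2" < "P3" prefixes sort lexically in priority order.
    return sorted(findings, key=lambda item: item[1])


# Constructed sample inventory; host names and exposure flags are illustrative.
SAMPLE_INVENTORY = [
    EmsHost("ems-dmz-01", "7.4.6-build2014", internet_exposed=True),
    EmsHost("ems-hq-02", "7.4.5", internet_exposed=False),
    EmsHost("ems-lab-03", "7.4.6", internet_exposed=True, hotfix_applied=True),
    EmsHost("ems-new-04", "7.4.7", internet_exposed=True),
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE_INVENTORY):
        print(f"{name}: {action}")
```

Feeding the real inventory into `triage()` gives a worklist in the order the summary implies: exposed and unpatched hosts first, then internal ones, then hosts already hotfixed that still need the 7.4.7 upgrade.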
Read More: https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html