PT-2026-30288 · Fortinet · Forticlientems
Published 2026-04-04 · Updated 2026-04-15 · CVE-2026-35616
CVSS v3.1: 10 (Critical) · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient EMS versions 7.4.5 through 7.4.6
Description: Fortinet FortiClient EMS versions 7.4.5 through 7.4.6 contain an improper access control vulnerability that allows unauthenticated attackers to execute arbitrary code or commands via crafted requests. The vulnerability is a pre-authentication API access bypass, so remote code execution requires no user interaction. It is actively exploited in the wild, with over 2,000 internet-accessible EMS instances potentially exposed. Successful exploitation can lead to full EMS compromise, credential theft, and lateral movement within a network.
Recommendations: Apply the hotfix for FortiClient EMS 7.4.5 or 7.4.6, or upgrade to version 7.4.7 when available. Isolate affected EMS instances and restrict access to the management plane to trusted administrative networks. Rotate credentials and API keys used by EMS. Monitor EMS logs and network traffic for suspicious activity, and treat any exposed instance that was unpatched during the exploitation window as potentially compromised.

Tags: Exploit · Fix · RCE · LPE · Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2026-04638
CVE-2026-35616

Affected Products

Forticlientems