New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet released an emergency hotfix for a critical pre-authentication access control vulnerability in FortiClient Enterprise Management Server (EMS), tracked as CVE-2026-35616, which is being actively exploited in the wild. Customers running FortiClient EMS 7.4.5 and 7.4.6 are urged to install the provided hotfixes or upgrade to 7.4.7 to mitigate the risk. The urging comes after Defused reported the zero-day and Shadowserver identified over 2,000 exposed instances. #FortiClientEMS #CVE-2026-35616
Fortinet releases emergency patch for critical FortiClient EMS vulnerability CVE-2026-35616, exploited in the wild. Affects versions 7.4.5 and 7.4.6; upgrade to 7.4.7 to fix API bypass flaw. #FortinetPatch #ZeroDay #USA