Fortinet released an emergency patch for a critical FortiClient EMS vulnerability (CVE-2026-35616), a 9.1 CVSS improper access control flaw allowing unauthenticated remote code execution. Exploitation was first observed on March 31, initially as targeted 'low and slow' attacks before shifting to opportunistic mass exploitation. CISA added the flaw to its Known Exploited Vulnerabilities catalog and set a Thursday deadline for federal agencies to patch. This is the second critical FortiClient flaw exploited in the wild in recent weeks. Approximately 100 internet-exposed instances exist, and historically nation-state actors from Russia and China have targeted FortiClient EMS.