On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests.

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

Fortinet released a hotfix on April 4, 2026 for a critical unauthenticated remote code execution vulnerability (CVE-2026-35616) in FortiClient EMS, affecting versions 7.4.5–7.4.6. The flaw stems from improper access control in the API authentication layer. Active exploitation in the wild has been confirmed by Fortinet, with Defused having observed exploitation prior to official disclosure. No public proof-of-concept is available yet, but further targeting is expected. A separate FortiClient EMS vulnerability (CVE-2026-21643), originally disclosed in February, is also now confirmed exploited in the wild as of March 24. Organizations are strongly advised to apply the available hotfix immediately, with a full fix expected in FortiClient EMS 7.4.7.