Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
07.04.2026

Fortinet has released patches for a critical vulnerability (CVE-2026-35616, CVSS 9.1) in FortiClient EMS that has been actively exploited since March 31, 2026. The flaw affects versions 7.4.5 through 7.4.6 and enables privilege escalation attacks.
🚨 BREAKING: Fortinet Patches Critical Zero-Day Exploited in the Wild
Fortinet just dropped emergency patches for CVE-2026-35616—a nasty privilege escalation bug in FortiClient EMS that's been actively weaponized since March 31, 2026. CVSS score: 9.1 (aka 'patch this yesterday').
Affected versions: FortiClient EMS 7.4.5 through 7.4.6. If you're running these, attackers can jack up their privileges on your system. No details on the exploit yet, but Fortinet confirmed it's already being used in real attacks.

Fortinet's advisory is live—update to the latest patched version ASAP. This isn't a drill; threat actors are already hitting unpatched systems. Zero-day status means no prior warning, just pure chaos.
- CVE-2026-35616
- CVSS 9.1 (Critical)
- Active exploitation since March 31, 2026
- Affects FortiClient EMS 7.4.5–7.4.6
- Privilege escalation vulnerability
- Patches released by Fortinet
Tags tell the story: API Security, Vulnerability, zero day, privilege escalation. This is the kind of flaw that lets attackers pivot from low-level access to full system control. Patch management teams, wake up—your weekend just got booked.

