Fortinet has released an emergency patch for a critical vulnerability in its FortiClient Enterprise Management Server that is currently being exploited by attackers in the wild.

Key Points

• The vulnerability, tracked as CVE-2026-35616, carries a critical 9.1 CVSS score and allows unauthenticated remote code execution.
• Fortinet confirmed active exploitation of the flaw, which was first detected by security researchers on March 31.
• CISA added the bug to its Known Exploited Vulnerabilities catalog, mandating that federal agencies apply the patch by Thursday.
• Users are urged to update to FortiClient EMS versions 7.4.5 or 7.4.6 to mitigate the security risk.
• While the internet-facing footprint of the software is relatively small, researchers warn that exploitation has shifted from targeted to opportunistic.

Why it Matters

This vulnerability poses a significant risk to enterprise security because it allows attackers to gain unauthorized control over centralized management systems. Organizations must prioritize patching immediately to prevent potential data breaches or further network compromise by malicious actors.