← Back to Tracker
critical Code Vulnerability zero-day

Fortinet FortiClient EMS Zero-Day — Active Exploitation

CVECVE-2026-35616
Severitycritical
Statusopen
DateApril 6, 2026
AffectsFortinet FortiClient Enterprise Management Server
Sourcecyberscoop.com

Details

CVSS 9.8. Improper access control vulnerability actively exploited since March 31, 2026. Added to CISA KEV catalog April 6. Fortinet released an emergency hotfix but full patch still pending. Attackers can gain unauthorized access to managed endpoints.

Read full advisory →