Security
Critical Vulnerability in FortiClient EMS Leads to Cyber Attacks: Emergency Patch Issued
Fortinet Releases Emergency Security Update for Critical Vulnerability
Over the weekend, Fortinet took swift action by releasing an emergency security update to address a critical vulnerability in the FortiClient Enterprise Management Server (EMS). This vulnerability, identified as CVE-2026-35616, is currently being actively exploited in malicious attacks.
The vulnerability, categorized as an improper access control issue, enables unauthorized attackers to execute malicious code or commands through carefully crafted requests.
Fortinet moved quickly to patch the vulnerability on Saturday, confirming that it had already been exploited in real-world scenarios.
Fortinet issued a warning, stating, “Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6.”
According to Fortinet, the vulnerability affects FortiClient EMS versions 7.4.5 and 7.4.6 and can be addressed by applying one of the provided hotfixes.
Furthermore, the upcoming release of FortiClient EMS 7.4.7 will also include a fix for this vulnerability, ensuring enhanced security measures. It’s important to note that FortiClient EMS 7.2 remains unaffected.
The vulnerability was initially discovered by cybersecurity firm Defused, which identified it as a pre-authentication API access bypass. This flaw allows threat actors to circumvent authentication and authorization controls entirely.
Defused reported that the vulnerability was being actively exploited as a zero-day exploit before responsibly disclosing it to Fortinet earlier this week.
Recent findings from internet security watchdog Shadowserver revealed that over 2,000 FortiClient EMS instances are exposed online, with a significant number of them located in the United States and Germany.
This vulnerability comes in the wake of another critical flaw, CVE-2026-21643, in FortiClient EMS, which was reported last week and also exploited in attacks. Both vulnerabilities were discovered by Defused, with additional credit given to Nguyen Duc Anh for identifying the latest flaw.
Fortinet strongly advises its customers to promptly apply the provided hotfixes or upgrade to version 7.4.7 upon its release to mitigate the risk of potential compromises.
Automated pentesting demonstrates the existence of vulnerabilities, while BAS evaluates the effectiveness of your security controls. Many security teams focus on one aspect without considering the other.
This whitepaper outlines six validation surfaces, identifies areas where coverage may be lacking, and equips practitioners with three key questions to guide their evaluation of security tools.
Upgrade Your BMW with Eleron’s Plug-and-Play CSL Yellow DRL Kit
Critical Vulnerability in FortiClient EMS Leads to Cyber Attacks: Emergency Patch Issued
Unveiling Elden Ring: Delving into Miquella’s Dark Past
The Best of the Best: A Look at the EU Features Award-Winning Books from RCS
Chinese Electric SUV Brand Nears Australian Launch After Successful Debut in New Zealand
Uncovering the Genesis of Alexa: The Untold Story of the Amazon Echo
Poco X3 – The Shady Truth.
New Phishing Texts Utilizing QR Codes to Target Traffic Violation Scams
Polymarket Halts Bets on Air Force Officer Rescue Mission
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
Facebook’s New Look: A Blend of Instagram’s Style
Facebook and Instagram to Reduce Personalized Ads for European Users
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Breaking Updates: Meta Connect 2025 Unveils Latest Developments
Poco X3 – The Shady Truth.
Huawei is replacing Android.
14 MEGA Smartphone Fails we’ll never forget.
Why Samsung’s Transparent Phone will fail.
6G – Explained!
Is Samsung about to take over?
The Problem with Fast Chargers.
if smartphone commercials were honest.
iPhone 12 – What were Apple thinking?
-
Facebook5 months agoEU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
-
Facebook6 months agoWarning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
-
Facebook6 months agoFacebook Compliance: ICE-tracking Page Removed After US Government Intervention
-
Facebook4 months agoFacebook’s New Look: A Blend of Instagram’s Style
-
Facebook4 months agoFacebook and Instagram to Reduce Personalized Ads for European Users
-
Facebook6 months agoInstaDub: Meta’s AI Translation Tool for Instagram Videos
-
Facebook4 months agoReclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
-
Apple6 months agoMeta discontinues Messenger apps for Windows and macOS
