CVE-2026-35616EXPLOITEDPATCHED

fortinet · forticlientems

CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta

Description

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Affected Products

Vendor	Product	Versions
fortinet	forticlientems	7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Related News (1 articles)

Tier A

Fortinet PSIRT-11605s ago

API authentication and authorization bypass

→ No new info (linked only)

CVSS 3.19.1 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

7.4.7

CWECWE-284

PublishedApr 4, 2026

Last enriched2h agov2

Trending Score51

Source articles1

Independent1

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

Vulnerability Timeline

CVE Published

Apr 4, 2026

Discovered by ZDM

Apr 4, 2026

Updated: affectedVersions, exploitAvailable, activelyExploited, patchAvailable

Apr 4, 2026

Actively Exploited

Apr 4, 2026

Exploit Available

Apr 4, 2026

Patch Available

Apr 4, 2026

Version History

Last enriched 2h ago

v2Tier A2h ago

Added affected version 7.4.6, confirmed active exploitation, and noted patch availability in version 7.4.7.

affectedVersionsexploitAvailableactivelyExploitedpatchAvailable

via Fortinet PSIRT

v12h ago

Initial creation

CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History