CVE-2026-35616CRITICAL · 9.8TrackedCISA KEV

Fortinet · FortiClient EMS

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Disclosed

2026-04-04

67 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-099
https://nvd.nist.gov/vuln/detail/CVE-2026-35616

↗ NVD ↗ CISA KEV ↗ Search analyses