Bug Bounty And Vuln HuntingVuln Item

FortiClient EMS CVE-2026-35616 active exploitation and unauthenticated code execution

April 5, 2026The Hacker News, Pierluigi Paganini - Security Affairs, CVE

Fortinet and security outlets warn CVE-2026-35616 is actively exploited in FortiClient EMS, allowing unauthenticated attackers to bypass API controls and execute unauthorized code or commands.

Open in PulseSee the full authority discussion →

QUOTES

Fortinet is warning of active exploitation of CVE-2026-35616 (CVSS 9.1) in FortiClient EMS.

The flaw lets unauthenticated attackers bypass API controls and run code.

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

CVE-2026-35616 A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands

New FortiClient EMS flaw exploited in attacks, emergency patch released

VOICES

The Hacker News

Pierluigi Paganini - Security Affairs

CVE

Teri Radichel #cybersecurity #pentesting

BleepingComputer

RELATED TERMS

cverceincident responsecvercecybersecurity incidentremote codecommand execution

OTHER FINDINGS IN BUG BOUNTY AND VULN HUNTING

Axios npm supply chain attack delivering cross platform rat via compromised maintainer OpenClaw privilege escalation via pair approve command DarkSword/Coruna iOS exploit kits expanding beyond nation-state use

AMYGDALA PULSE

See what authorities are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security