FortiClient EMS unauthenticated RCE exploitation

April 5, 2026 | The Hacker News, Pierluigi Paganini - Security Affairs, CVE

The Shadowserver Foundation warns FortiClient EMS CVE-2026-35616 and CVE-2026-21643 are being exploited in the wild and says it can fingerprint about 2000 exposed instances globally.

Fortinet is warning of active exploitation of CVE-2026-35616 (CVSS 9.1) in FortiClient EMS.
The flaw lets unauthenticated attackers bypass API controls and run code.
CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
CVE-2026-35616: An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands.
New FortiClient EMS flaw exploited in attacks, emergency patch released
Heads up FortiClient EMS users!
unauthenticated RCE observed to be exploited in the wild!
We fingerprint about 2000 instances globally
The Hacker News
Pierluigi Paganini - Security Affairs
CVE
Teri Radichel #cybersecurity #pentesting
BleepingComputer
The Shadowserver Foundation
