Signal
Critical zero-day vulnerability in Fortinet FortiClient EMS actively exploited, emergency hotfix released
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-04-07 18:07 UTCUpdated 2026-04-08 07:46 UTC
rss
cvevulnerabilityexploitincident_responsesecurity_advisorysecurity_tooling
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
A critical vulnerability (CVE-2026-35616) in Fortinet's FortiClient Endpoint Management Server (EMS) has been actively exploited since late March 2026.
Score total
1.42
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
- Exploitation has been observed since late March 2026, with multiple global agencies issuing urgent advisories.
- CISA's mandated remediation deadline of April 9, 2026, pressures organizations to act swiftly.
- No public exploit code yet, but expected soon, raising the risk of widespread attacks.
Why it matters
- The vulnerability enables remote code execution without authentication, risking full compromise of endpoint management.
- Active exploitation and imminent proof-of-concept increase the urgency for immediate patching.
- FortiClient EMS is widely used for endpoint security management, so the impact is broad and critical.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- CVE-2026-35616 is a critical zero-day vulnerability in Fortinet FortiClient EMS allowing unauthenticated remote code execution.
- The US CISA has added CVE-2026-35616 to its Known Exploited Vulnerabilities catalog and mandated remediation by April 9, 2026.
- Fortinet released an emergency hotfix for on-premises FortiClient EMS Linux servers and plans a full patch in version 7.4.7.
How sources frame it
- CSO Online: neutral
- Canadian Centre For Cyber Security: neutral
- SC Media: neutral
- NCSC NL: neutral
This critical FortiClient EMS vulnerability is under active exploitation with coordinated global advisories and emergency hotfixes issued. Organizations should prioritize patching on-premises EMS deployments immediately.
All evidence
All evidence
Kwetsbaarheid in FortiClient EMS van Fortinet
NCSC NL (News) · ncsc.nl · 2026-04-08 07:46 UTC
Immediate remediation of Fortinet FortiClient EMS bug ordered by CISA
SC Media · scworld.com · 2026-04-07 21:16 UTC
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
CSO Online · csoonline.com · 2026-04-07 20:37 UTC
AL26-007 - Vulnerability impacting Fortinet FortiClientEMS - CVE-2026-35616
Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-04-07 18:07 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
- NCSC NL (News) (1)
- SC Media (1)
- CSO Online (1)
- Canadian Centre for Cyber Security - Alerts (1)
Top origin domains (this list)
- ncsc.nl (1)
- scworld.com (1)
- csoonline.com (1)
- cyber.gc.ca (1)