Signal
Fortinet urgently patches actively exploited zero-day vulnerability in FortiClient EMS
Published 2026-04-06 09:37 UTC · Updated 2026-04-07 15:09 UTC
cve, exploits, security_tooling, incident_response, security_advisories
Overview
Fortinet has released an emergency hotfix to address a critical zero-day vulnerability (CVE-2026-35616) in its FortiClient Enterprise Management Server (EMS) software.
Entities
Fortinet, FortiClient EMS, Benjamin Harris
- Score total: 1.62
- Momentum 24h: 7
- Posts: 7
- Origins: 7
- Source types: 1
- Duplicate ratio: 0%
Why now
- Exploitation attempts began March 31 and have increased following public disclosure.
- Fortinet’s emergency hotfix was released only recently, with a full patch pending.
- CISA’s addition of the CVE to its Known Exploited Vulnerabilities catalog highlights urgency for defenders.
Why it matters
- The vulnerability is actively exploited, posing immediate risk to organizations using FortiClient EMS.
- High severity (CVSS 9.8) indicates potential for severe impact including remote code execution.
- Prompt patching is critical to prevent unauthorized access and further compromise.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- CVE-2026-35616 is a critical zero-day vulnerability actively exploited in the wild affecting FortiClient EMS.
- Fortinet released an emergency hotfix over the Easter weekend and plans a more comprehensive patch later.
- The vulnerability allows API authentication and authorization bypass, leading to unauthorized access and potential remote code execution.
How sources frame it
- CyberScoop: neutral
All evidence
Warning: Critical CVE-2026-35616 is actively exploited, allowing attackers to gain unauthorized access and potentially achieve remote code execution, Patch Immediately!
CERT.BE (BE) - Advisories · ccb.belgium.be · 2026-04-07 15:09 UTC
Fortinet security advisory (AV26-313)
Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-04-07 12:02 UTC
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
Infosecurity Magazine · infosecurity-magazine.com · 2026-04-07 09:26 UTC
ALERT FortiClientEMS: CVSS (Max): 9.8
AusCERT - Bulletins · portal.auscert.org.au · 2026-04-07 01:48 UTC
Fortinet customers confront actively exploited zero-day, with a full patch still pending
CyberScoop · cyberscoop.com · 2026-04-06 21:12 UTC
Attackers exploited this critical FortiClient EMS bug as a 0-day
The Register Security · go.theregister.com · 2026-04-06 18:14 UTC
Top publishers (this list)
- CERT.BE (BE) - Advisories (1)
- Canadian Centre for Cyber Security - Alerts (1)
- Infosecurity Magazine (1)
- AusCERT - Bulletins (1)
- CyberScoop (1)
- The Register Security (1)
Top origin domains (this list)
- ccb.belgium.be (1)
- cyber.gc.ca (1)
- infosecurity-magazine.com (1)
- portal.auscert.org.au (1)
- cyberscoop.com (1)
- go.theregister.com (1)