![\"New](\"https:\/\/www.bleepstatic.com\/content\/hl-images\/2023\/03\/13\/Fortinet.jpg\")
<\/p>\n<\/p>\n
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks.<\/p>\n
Tracked as CVE-2026-35616, the flaw is an improper access control vulnerability that allows unauthenticated attackers to execute code or commands via specially crafted requests.<\/p>\n
The issue was patched Saturday, with Fortinet confirming it has been exploited in the wild.<\/p>\n
“Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6,” warns Fortinet<\/a>.<\/p>\n Fortinet says the vulnerability impacts FortiClient EMS versions 7.4.5 and 7.4.6 and can be mitigated by installing one of the following hotfixes:<\/p>\n The vulnerability will also be fixed in the upcoming FortiClientEMS 7.4.7. FortiClient EMS 7.2 is not affected.<\/p>\n The flaw was discovered by cybersecurity firm Defused, which described it as a pre-authentication API access bypass that allows attackers to bypass authentication and authorization controls entirely.<\/p>\n Defused shared on X<\/a> that they observed the flaw being exploited as a zero-day earlier this week before reporting it to Fortinet under responsible disclosure.<\/p>\n Internet security watchdog Shadowserver<\/a> has found over 2,000 exposed FortiClient EMS instances online, with the majority located in the USA and Germany.<\/p>\n The vulnerability follows a separate critical FortiClient EMS flaw, CVE-2026-21643<\/a>, reported last week and also actively exploited in attacks.<\/p>\n Both vulnerabilities were discovered by Defused, with Fortinet also crediting Nguyen Duc Anh for the latest flaw.<\/p>\n Fortinet is urging customers to apply the hotfixes immediately or upgrade to version 7.4.7 when it becomes available to mitigate the risk of compromise.<\/p>\n\n