What is CVE-2026-35616 and why the rush?

It's a pre-auth API bypass in FortiClient EMS letting unauth attackers run code. CISA added to KEV; feds must patch by April 9 under BOD 22-01—exploited in wild already.

Does this affect private companies using Fortinet EMS ?

Yes, big time—2,000 exposed globally. Apply hotfixes for 7.4.5/6 or upgrade to 7.4.7 ASAP; CISA urges all defenders prioritize.

How do I check if my Fortinet EMS is vulnerable?

Scan for versions 7.4.5/6 internet-facing; use Shadowserver, Shodan. Patch via Fortinet portal—hotfix now.

🕳️ Vulnerabilities & CVEs

CISA's Fortinet EMS Patch Deadline: A Wake-Up Call for Exposed Management Servers

What if your network's brain—the server managing thousands of endpoints—is wide open to anyone with a crafted request? CISA just gave feds until Friday to slam that door shut on a Fortinet flaw that's already drawing real-world fire.

Threat Digest Apr 07, 2026 4 min read

CISA warning banner for exploited Fortinet FortiClient EMS vulnerability CVE-2026-35616

⚡ Key Takeaways

CISA mandates federal patch of CVE-2026-35616 by Friday; private sector should follow immediately. 𝕏
Nearly 2,000 FortiClient EMS instances exposed online, prime for zero-day exploits. 𝕏
Serial Fortinet EMS flaws point to architectural weaknesses in management server auth. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CISA KEV #CVE-2026-35616 #Fortinet EMS #zero-day exploit

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Fortinet's FortiClient EMS Under Fire: Exploited Bugs Force Emergency Patches

Fortinet's FortiClient Zero-Day Lets Hackers Slip Past Logins—Patch or Perish

Apple's DarkSword Panic Patch: Why Your Old iPhone Just Got a Lifeline

Palo Alto's Firewall Glitch Hits CISA's 'Fix Now' List After Real-World Attacks

Stay in the loop