What is CVE-2026-35616 in FortiClient?

It's an authentication bypass zero-day in FortiClient Windows pre-7.4.0, exploited in the wild—hackers skip logins to access networks.

Do I need to patch FortiClient right away?

Absolutely—if you're on vulnerable versions, update to 7.4.0 immediately to block active attacks.

Has CVE-2026-35616 been exploited?

Yes, Fortinet confirms in-the-wild exploitation; threat actors are chaining it for network breaches.

🕳️ Vulnerabilities & CVEs

Fortinet's FortiClient Zero-Day Lets Hackers Slip Past Logins—Patch or Perish

Picture this: you're sipping coffee, remote working securely—or so you think. Hackers just bypassed your FortiClient login without a sweat, thanks to CVE-2026-35616. Fortinet's emergency patch is out, but is it too late?

Threat Digest Apr 07, 2026 4 min read

Fortinet FortiClient software interface with red vulnerability warning overlay

⚡ Key Takeaways

Fortinet released an emergency patch for CVE-2026-35616, an authentication bypass in FortiClient Windows exploited in the wild. 𝕏
Users on versions before 7.4.0 must update immediately to prevent unauthorized network access. 𝕏
This flaw is part of a pattern of Fortinet vulnerabilities, urging better proactive security measures. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CVE-2026-35616 #FortiClient #FortiClient zero-day #Fortinet #authentication bypass #zero-day

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Dark Reading

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Fortinet's FortiClient EMS Under Fire: Exploited Bugs Force Emergency Patches

CISA's Fortinet EMS Patch Deadline: A Wake-Up Call for Exposed Management Servers

Cisco IMC's Password Change Flaw Hands Attackers the Keys to Your Servers

GrafanaGhost: The AI Backdoor Turning Data Dashboards into Spy Tools

Stay in the loop