CVE-2026-21643 – Fortinet FortiClientEMS
“Two critical, actively exploited flaws put endpoint management systems at immediate risk of takeover.”
Fortinet has released a security patch for FortiClientEMS addressing two critical vulnerabilities: CVE-2026-35616 and CVE-2026-21643. CVE-2026-35616 has a CVSS score of 9.1, which is Critical severity. CVE-2026-21643 also has a CVSS score of 9.1, which is Critical severity. Both vulnerabilities impact the integrity and control of endpoint management systems, significantly increasing the risk of widespread compromise.
These vulnerabilities are actively exploited in real-world attacks, making them high-priority threats. Successful exploitation could allow attackers to gain control over managed endpoints, disrupt security operations, or move laterally across enterprise environments. The patch closes these high-risk attack paths and is essential for maintaining control of endpoint infrastructure.
Key Details
- Affected Product
- Fortinet Forticlientems
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-89