CVE-2026-35616 – FortiClientEMS
CVSS 9.8
CRITICAL
“When endpoint management platforms are actively exploited, every unmanaged system becomes a potential foothold.”
Fortinet released a patch for a critical vulnerability affecting FortiClientEMS. CVE-2026-35616 has a CVSS score of 9.1, which is Critical severity.
The vulnerability involves improper access control handling that could allow privilege escalation in affected FortiClientEMS environments. The vulnerability is under active exploitation. The update strengthens authorization controls and reduces the risk of attackers gaining elevated access to endpoint management infrastructure.
Key Details
- Affected Product
- Fortinet Forticlientems
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-284
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.