Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Fortinet Issues Patch for Critical FortiClient EMS Vulnerability

Fortinet Issues Patch for Critical FortiClient EMS Vulnerability

Posted on April 4, 2026 By CWS

Fortinet has swiftly released an emergency patch following the disclosure of a critical zero-day vulnerability in its FortiClient Endpoint Management Server (EMS). Security experts have confirmed that this vulnerability, identified as CVE-2026-35616, is already being actively exploited by cyber attackers.

Understanding the Vulnerability

Rated a severe 9.1 on the CVSSv3 scale, the flaw allows attackers to completely bypass API authentication and authorization controls in FortiClient EMS. This lapse in security enables them to execute arbitrary commands or code on affected systems without requiring any authentication or user interaction.

The issue is categorized under CWE-284, indicating improper access control within the EMS API layer. The vulnerability poses a significant risk to organizations with internet-facing EMS deployments due to its ease of exploitation and potential for widespread impact on confidentiality, integrity, and availability.

Active Exploitation and Vendor Response

Fortinet has confirmed active exploitation of this vulnerability in the wild. The vendor’s advisory (FG-IR-26-099) highlights privilege escalation as a primary risk. Only FortiClient EMS versions 7.4.5 and 7.4.6 are impacted, with a fix slated for the upcoming 7.4.7 release. In the interim, Fortinet has issued hotfixes for these versions.

The vulnerability was uncovered by Simo Kohonen from Defused and independent researcher Nguyen Duc Anh. Defused reported the exploitation after detecting unusual activity through their soon-to-be-released Radar feature, which monitors emerging threats in real time.

Mitigation and Future Security Measures

Fortinet has urged all users of the affected EMS versions to apply the emergency hotfix without delay. Detailed installation instructions are available in the Fortinet documentation portal for each version. Monitoring EMS logs for any unusual API activity is also recommended to identify potential exploitation attempts.

Additionally, organizations are advised to restrict external access to the EMS management interface as a precautionary measure while applying the necessary patches. This step can help mitigate risk by minimizing potential attack vectors.

For continuous updates on cybersecurity threats, follow Fortinet’s official channels. Ensuring prompt application of security patches is crucial to safeguarding systems against such vulnerabilities.

Cyber Security News Tags:API access, CVE-2026-35616, cyber threat, Cybersecurity, Defused, endpoint management, FortiClient EMS, Fortinet, Hotfix, network security, Patch, privilege escalation, zero-day vulnerability

Post navigation

Previous Post: Progress ShareFile Flaws Risk Server Takeover
Next Post: Hackers Exploit Code Leak to Spread Malware via GitHub

Related Posts

AI Security Innovations Shine at 2026 Cyber Awards AI Security Innovations Shine at 2026 Cyber Awards Cyber Security News
Critical Vulnerabilities Patched in Next.js and React Critical Vulnerabilities Patched in Next.js and React Cyber Security News
Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs Cyber Security News
Indian Authorities Dismantled Cybercriminals That Impersonate as Microsoft Tech Support Indian Authorities Dismantled Cybercriminals That Impersonate as Microsoft Tech Support Cyber Security News
CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks Cyber Security News
Southeast Asian Government Targeted in Cyber Espionage Campaign Southeast Asian Government Targeted in Cyber Espionage Campaign Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft
  • Critical Linux Kernel Bug Allows Unauthorized Root Access
  • Nebula’s AI-Powered Security Tool Revolutionizes Testing

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft
  • Critical Linux Kernel Bug Allows Unauthorized Root Access
  • Nebula’s AI-Powered Security Tool Revolutionizes Testing

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark