Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Fortinet Vulnerability Exploited, CISA Issues Warning

Critical Fortinet Vulnerability Exploited, CISA Issues Warning

Posted on April 6, 2026 By CWS

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive concerning a critical vulnerability identified as CVE-2026-35616 in Fortinet’s FortiClient Enterprise Management Server (EMS). This vulnerability, added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, necessitates urgent remediation by federal agencies by April 9, 2026.

Underlining the Severity of CVE-2026-35616

The identified flaw, CVE-2026-35616, is a critical improper access control vulnerability with a CVSS score of 9.1, affecting FortiClient EMS versions 7.4.5 and 7.4.6. Notably, versions in the 7.2 branch are not impacted. This vulnerability allows attackers to bypass API authentication, escalating privileges without requiring valid user credentials.

According to Fortinet’s advisory (FG-IR-26-099), the vulnerability enables unauthorized actors to execute malicious code via crafted HTTP requests, posing a significant risk to exposed EMS systems.

Active Exploitation and Response

Exploitation of this zero-day vulnerability was first observed on March 31, 2026, by watchTowr, which detected unauthorized attempts on its honeypots. Researchers Simo Kohonen of Defused Cyber and Nguyen Duc Anh reported this vulnerability responsibly. Fortinet confirmed the active exploitation in an urgent advisory, urging affected users to apply the hotfixes for versions 7.4.5 and 7.4.6 promptly.

This incident marks the second critical vulnerability in FortiClient EMS in recent weeks, highlighting the potential security risks for internet-facing deployments. Successful exploitation can lead to unauthorized code execution and potentially allow attackers to infiltrate networks further.

Urgency of Mitigation and Broader Implications

CISA’s directive under Binding Operational Directive (BOD) 22-01 underscores the urgency of mitigating this vulnerability, with a strict deadline for federal agencies set for April 9, 2026. The rapid response underscores the critical nature of the threat.

The Shadowserver Foundation has identified over 2,000 publicly accessible FortiClient EMS instances globally, with two confirmed cases of active exploitation. This widespread exposure increases the urgency for administrators to secure their systems against this critical vulnerability.

In conclusion, the swift action by CISA and Fortinet emphasizes the importance of addressing cybersecurity threats promptly. Organizations using affected FortiClient EMS versions are urged to implement the necessary patches to safeguard their infrastructure.

Cyber Security News Tags:API access, CISA, CVE-2026-35616, cyber threat, Cybersecurity, EMS, Fortinet, Honeypot, internet security, IT security, privilege escalation, remote code execution, security patch, Vulnerability, zero-day exploit

Post navigation

Previous Post: North Korea Leverages Modular Malware to Evade Detection
Next Post: North Korean Hackers Exploit GitHub in South Korea Cyber Attacks

Related Posts

OverlayPhantom Trojan Exploits Android Devices OverlayPhantom Trojan Exploits Android Devices Cyber Security News
Okta Security Releases Auth0 Event Logs for Proactive Threat Detection Okta Security Releases Auth0 Event Logs for Proactive Threat Detection Cyber Security News
Critical Flaw in Avada Plugin Threatens 1 Million Sites Critical Flaw in Avada Plugin Threatens 1 Million Sites Cyber Security News
New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator Cyber Security News
Android Malware Alert: MiningDropper’s Dangerous Impact Android Malware Alert: MiningDropper’s Dangerous Impact Cyber Security News
F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark