CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2026-35616

CVSS 9.8v3.1pub. 2026-04-04upd. 2026-04-06

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

🤖 AI Analysis
How it works

The vulnerability results from improper access control implementation (CWE-284), which does not require the attacker to possess any credentials. An attacker can send specially crafted network requests to the vulnerable FortiClientEMS server, bypassing authentication mechanisms. As a result, arbitrary code or commands can be executed in the context of the application.

Impact

An attacker gains the ability to execute code or commands without authorization on the vulnerable system without requiring authentication, which may lead to complete takeover of the FortiClientEMS server and compromise of data confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor immediately according to references published by Fortinet at https://fortiguard.fortinet.com/psirt/FG-IR-26-099. Until updates are deployed, it is recommended to restrict access to the FortiClientEMS interface to trusted IP addresses only and implement network segmentation.

Who is affected

Fortinet FortiClientEMS versions 7.4.5 and 7.4.6

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Forticlientems

    APP
    Fortinet
    7.4.57.4.6

CISA KEV — detailsi

Vendori
Fortinet
Producti
FortiClient EMS
Added to KEVi
April 6, 2026
Remediation deadline (US Federal)i
April 9, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 9 kwietnia 2026
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2025-59922HIGH7.2ten sam produkt

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89]...

CVE-2024-23106HIGH8.1ten sam produkt

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through...

CVE-2026-39809MEDIUM6.7ten sam produkt

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortin...

CVE-2026-39810MEDIUM6.0ten sam produkt

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow a...