New Fortinet Zero-Day Warning—Update Now, Attacks Underway
Fortinet said the flaw has a CVSS score of 9.8, and researchers found nearly 2,000 publicly exposed FortiClient EMS instances.
- On Monday, the Cybersecurity and Infrastructure Security Agency added CVE-2026-35616 to its known exploited vulnerabilities catalog, noting the critical flaw carries a CVSS rating of 9.8.
- Fortinet warned in a Saturday security advisory that it has seen the vulnerability being actively exploited in the wild; the flaw shares similarities with CVE-2026-21643, disclosed in February.
- On Sunday, Shadowserver scans found nearly 2,000 publicly exposed instances of FortiClient EMS, while Benjamin Harris, CEO, told CyberScoop that unknown attackers were first observed attempting to exploit the vulnerability on March 31.
- Fortinet released an emergency software update over the weekend to address the issue, though a comprehensive patch is not yet available, and the company is communicating directly with customers to advise on necessary actions.
- Since early 2025, CISA has added 10 Fortinet defects to its known exploited vulnerabilities catalog, and Caitlin Condon, vice president of security research at VulnCheck, noted that Fortinet solutions are popular targets for threat actors.
11 Articles
Fortinet customers confront actively exploited zero-day, with a full patch still pending
Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices. The zero-day vulnerability — CVE-2026-35616 — has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerability catalog Monday. Fortinet said in a Saturday security advisory that it has seen the vulnerabili…
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released. The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to remotely execute arbitrary code on FortiClient EMS, which organ…
FortiClientEMS Flaws Under Active Exploitation
A newly disclosed set of vulnerabilities affecting Fortinet’s endpoint management platform has raised serious concerns among cybersecurity professionals, particularly as both flaws are already being actively exploited. The issues, tracked as CVE-2026-35616 and CVE-2026-21643, impact FortiClientEMS and expose systems to unauthenticated remote code execution (RCE), with attackers requiring no prior access to compromise affected servers. One of th…
CISA Alerts Defenders to Actively Exploited Fortinet Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that threat actors are actively exploiting it in the wild. The CISA KEV catalog serves as a […]
Coverage Details
Bias Distribution
- 100% of the sources are Center






