#VU124861 Missing authorization in FortiClientEMS - CVE-2026-35616

Published: April 4, 2026


Vulnerability identifier: #VU124861
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Red
CVE-ID: CVE-2026-35616
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: FortiClientEMS
Software vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authorization checks. A remote, non-authenticated attacker can send a specially crafted HTTP request to a certain API endpoint and execute arbitrary commands on the system.

Note that the vulnerability is being actively exploited in the wild.


Remediation

It is recommended to upgrade FortiClientEMS to version 7.4.7 when it becomes available.

As a temporary solution it is recommended to apply a hotfix following the instructions below:

https://docs.fortinet.com/document/forticlient/7.4.5/ems-release-notes/832484 - for FortiClientEMS 7.4.5

https://docs.fortinet.com/document/forticlient/7.4.6/ems-release-notes/832484 - for FortiClientEMS 7.4.6



External links