Skip to main content

Fortinet CVE-2026-35616

| EUVDEUVD-2026-18963 CRITICAL
Improper Access Control (CWE-284)
2026-04-04 fortinet
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Added to CISA KEV
Apr 06, 2026 - 18:12 cisa
CISA KEV
CIRCL Exploitation Confirmed
Apr 06, 2026 - 18:12 circl
CIRCL KEV
PoC Detected
Apr 06, 2026 - 18:12 vuln.today
Public exploit code
Started Trending
Apr 06, 2026 - 16:01 vuln.today
12.8
EUVD ID Assigned
Apr 04, 2026 - 01:00 euvd
EUVD-2026-18963
Analysis Generated
Apr 04, 2026 - 01:00 vuln.today
CVE Published
Apr 04, 2026 - 00:38 nvd
CRITICAL 9.8

DescriptionCVE.org

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

AnalysisAI

Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV).

Technical ContextAI

FortiClientEMS is Fortinet's endpoint management system used to centrally manage FortiClient deployments across enterprise environments. The vulnerability is rooted in CWE-284 (Improper Access Control), indicating insufficient enforcement of security boundaries when processing network requests. The affected product CPE (cpe:2.3:a:fortinet:forticlientems) identifies this as an application-level flaw in the management server component. The network attack vector (AV:N) combined with no authentication requirement (PR:N) suggests the vulnerable endpoint is exposed without proper authentication checks, allowing remote attackers to bypass access controls entirely. This class of vulnerability typically involves API endpoints, administrative interfaces, or command handlers that fail to validate caller privileges before executing privileged operations, enabling unauthorized code execution with the permissions of the FortiClientEMS service itself.

RemediationAI

Organizations should immediately upgrade FortiClientEMS to a patched version as specified in the official Fortinet security advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-099. The CVSS temporal metric RL:O indicates an official remediation is available from the vendor. Until patching is complete, network-level mitigations should be implemented including restricting access to FortiClientEMS management interfaces to trusted IP ranges only, deploying intrusion prevention signatures to detect exploitation attempts, and monitoring FortiClientEMS logs for unusual authentication patterns or command execution. Given the authentication bypass nature and network attack vector, firewall rules limiting exposure of the management interface to the public internet provide critical interim protection. Organizations should prioritize this remediation given the functional exploit code availability and critical severity rating.

CVE-2025-64446 CRITICAL POC
9.8 Nov 14

Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative comman

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2025-58034 HIGH POC
7.2 Nov 18

Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized c

CVE-2016-1909 CRITICAL POC
9.8 Jan 15

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0

CVE-2016-6909 CRITICAL POC
9.8 Aug 24

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9

CVE-2026-21643 CRITICAL POC
9.8 Feb 06

A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized

CVE-2025-25256 CRITICAL POC
9.8 Aug 12

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in

CVE-2026-24858 CRITICAL
9.8 Jan 27

Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2012-1461 MEDIUM
4.3 Mar 21

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5

CVE-2012-1459 MEDIUM
4.3 Mar 21

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,

CVE-2015-1880 MEDIUM POC
4.3 May 12

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote a

Share

CVE-2026-35616 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy