Is Fortinet affected by CVE-2026-35616?

Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 contain a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands on affected systems.

CVE-2026-35616

EUVD-2026-18963 CRITICAL

2026-04-04 fortinet

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

Apr 06, 2026 - 18:12 cisa

CISA KEV

CIRCL Exploitation Confirmed

Apr 06, 2026 - 18:12 circl

CIRCL KEV

PoC Detected

Apr 06, 2026 - 18:12 vuln.today

Public exploit code

Started Trending

Apr 06, 2026 - 16:01 vuln.today

12.8

Analysis Generated

Apr 04, 2026 - 01:00 vuln.today

EUVD ID Assigned

Apr 04, 2026 - 01:00 euvd

EUVD-2026-18963

CVE Published

Apr 04, 2026 - 00:38 nvd

CRITICAL 9.8

Description

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Analysis

Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). …

Remediation

Within 24 hours: Identify all FortiClientEMS installations and confirm versions 7.4.5 and 7.4.6 inventory; contact Fortinet for available patches or interim versions. Within 7 days: Apply vendor-released patch immediately upon availability; if unavailable, isolate affected FortiClientEMS servers from untrusted networks and restrict network access to administrative personnel only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

124

Low Medium High Critical

KEV: +50

EPSS: +0.0

CVSS: +49

POC: +20

CVE-2026-35616 vulnerability details – vuln.today

Back

CVE-2026-35616

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-35616

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code