Instant Takedown Service
Data Leaks Monitoring
Fraudulent Ads & Channel Protection
Attack Surface & Infrastructure Protection
Fraud & Phishing Prevention
Secr AI Technologies
Brand Protection
Cyber Threat Intelligence
External Attack Surface Management
Summary Information
| CVE Numbers | CVE-2026-35616, CVE-2026-21643 |
| Affected Product | FortiClient EMS |
| Affected Versions | 7.4.5, 7.4.6 |
| Vulnerability Type | Pre-Authentication Remote Code Execution (Pre-Auth RCE) |
| Exploitation Status | Actively exploited |
| Vendor | Fortinet |
Vulnerability Details
According to the latest information published by Fortinet, a critical security vulnerability affecting the FortiClient EMS product has been identified as being actively exploited. This indicates that the relevant systems can be directly targeted.
The vulnerability allows attackers to execute unauthorized commands or code on the system through specially crafted requests without requiring authentication. This creates a risk of unauthorized access and potential takeover of system control.
Affected Versions
- FortiClient EMS 7.4.5
- FortiClient EMS 7.4.6
Additional Assessment
Considering that the CVE-2026-21643 vulnerability affecting the same product was also recently identified as being actively exploited, it is understood that the FortiClient EMS product is being heavily targeted by threat actors. This indicates that systems are continuously being scanned and vulnerabilities can be rapidly exploited.
Recommended Actions
- Immediately apply the hotfixes released by Fortinet and increase the protection level of the systems
- Upgrade systems to up-to-date and secure versions as soon as possible
- Regularly review FortiClient EMS access logs and identify suspicious activities
- Restrict direct external network access to the EMS server and prefer secure access methods such as VPN when necessary
References
- FortiClient EMS 7.4.5 Release Notes: docs.fortinet.com
- FortiClient EMS 7.4.6 Release Notes: docs.fortinet.com