The government has issued an advisory regarding a critical vulnerability in Fortinet’s FortiClient EMS, which is affecting systems worldwide. The vulnerability, tracked as CVE-2026-35616, is caused by improper access control and impacts FortiClient EMS versions 7.4.5 through 7.4.6.
A remote attacker could exploit this flaw to execute arbitrary code, leading to privilege escalation and remote code execution (RCE) on targeted systems.
The vulnerability is reportedly being actively exploited, significantly increasing the risk for organizations with unpatched or exposed systems. Once successfully exploited, attackers could gain full control of affected EMS servers. This could allow threat actors to alter endpoint configurations, deploy malicious policies, and enable lateral movement within enterprise networks, potentially causing severe damage.
The advisory stresses the need for immediate remediation. Organizations are strongly urged to apply available patches, restrict access to the EMS interface, and upgrade to FortiClient EMS version 7.4.7 or later. These measures are essential to mitigate the risk of exploitation and protect critical infrastructure. The government has emphasized that administrators and asset owners must act without delay to avoid potential security breaches.
The impact of this vulnerability includes system compromise, unauthorized device control, data exposure, and arbitrary code execution. These risks pose a serious threat to system integrity and cybersecurity, particularly for government institutions and organizations handling sensitive information.
The government has reiterated that compliance with the advisory is critical for the protection of national infrastructure. The advisory includes further technical guidance for securing affected systems.
