CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
ID: 7d8531f7-4f33-5ff5-92b6-c4248735e2c0
STIX ID: report--7d8531f7-4f33-5ff5-92b6-c4248735e2c0
Feed Name: Tenable Blog
**Executive Summary:** Tenable Research reports that CVE-2026-35616 is a critical (CVSS 9.1) improper access control vulnerability in Fortinet FortiClientEMS that has been observed being exploited in the wild as a zero-day. A public proof-of-concept is available, and Fortinet has issued hotfixes for affected 7.4.5–7.4.6 installations, with a 7.4.7 release planned. Organizations should apply the provided hotfixes immediately, review Fortinet advisories, and monitor for exploitation, given Fortinet's history as a frequent target and the CVE's inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog.
