CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks
ID: 9c6b7052-33c4-5830-a784-d04a23a6044e
STIX ID: report--9c6b7052-33c4-5830-a784-d04a23a6044e
Feed Name: Security Affairs
A critical FortiClient EMS vulnerability (CVE-2026-35616, CVSS 9.1) permitting unauthenticated remote code execution has been actively exploited in the wild. Attackers pushed a fake Fortinet update via EMS to execute PowerShell and deploy EKZ Infostealer, which harvests browser credentials and exfiltrates them over HTTP. Fortinet issued out-of-band hotfixes for the affected versions 7.4.5 and 7.4.6 and plans a permanent fix in 7.4.7. CISA added the flaw to its Known Exploited Vulnerabilities catalog.
