Fortinet FortiClient EMS vulnerability: CVE-2026-35616
ID: a95c13a8-2a09-59b8-99cc-65a6326bc5db
STIX ID: report--a95c13a8-2a09-59b8-99cc-65a6326bc5db
Feed Name: runZero Blog
Fortinet FortiClient Endpoint Management Server contains a critical API authentication/authorization bypass (CVE-2026-35616, CVSS 9.1) affecting FortiClientEMS 7.4.5–7.4.6; Fortinet confirms active exploitation in the wild. Successful exploitation may allow remote, unauthenticated attackers to execute unauthorized code or commands; vendors recommend upgrading to 7.4.7 or applying the listed hotfixes (7.4.5.2111, 7.4.6.2170).
