Critical severity9.8CISA KEVNVD Advisory· Published Apr 4, 2026· Updated Apr 6, 2026
CVE-2026-35616
CVE-2026-35616
Description
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Affected products
2cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:forticlientems:7.4.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- fortiguard.fortinet.com/psirt/FG-IR-26-099nvdVendor AdvisoryPatch
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.