Post Date: 2026/04/28

[Vulnerability Alert] Critical Security Vulnerability in FortiClientEMS (CVE-2026-35616)

  • Subject: [Vulnerability Alert] Critical Security Vulnerability in FortiClientEMS (CVE-2026-35616)


  • Description:
    • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202604-00000002.
    • FortiClientEMS is Fortinet's endpoint management server, used for the centralized management of FortiClient agents; it supports endpoint deployment, configuration, and monitoring. A security advisory was recently released for a critical vulnerability in it (CVE-2026-35616, CVSS: 9.8). This is an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted requests.
  • Affected Platforms:
    • FortiClientEMS versions 7.4.5 to 7.4.6 (inclusive)
  • Recommended Actions:
    • Please update to FortiClientEMS version 7.4.7 or later.
  • Reference Material:

Computer and Communication Center
Network Systems Division