THREAT OPS › CVEs › CVE-2026-35616
CVE-2026-35616 — Fortinet FortiClient EMS Improper Access Control Vulnerability
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Vulnerability details
- Affected productsFortiClient EMS
- KEV remediation due2026-04-09
Exploiting threat actors
- Volt TyphoonG1017
Related reporting
- June 2026 CVE Landscaperecordedfuture
- April 2026 CVE Landscaperecordedfuture