{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35616", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-04-03T23:49:34.986Z", "datePublished": "2026-04-04T00:38:35.828Z", "dateUpdated": "2026-04-07T15:58:53.439Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientEMS", "cpes": ["cpe:2.3:a:fortinet:forticlientems:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.5", "lessThanOrEqual": "7.4.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-07T15:58:53.439Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiClientEMS version 8.0.0 or above\nUpgrade to upcoming FortiClientEMS version 7.4.7 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099"}]}, "adp": [{"references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-35616"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-04-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T03:55:31.536Z"}, "timeline": [{"time": "2026-04-06T00:00:00.000Z", "lang": "en", "value": "CVE-2026-35616 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35616", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T15:06:09.640561Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-04-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T10:53:23.244Z"}, "timeline": [{"lang": "en", "time": "2026-04-06T00:00:00.000Z", "value": "CVE-2026-35616 added to CISA KEV"}]}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:forticlientems:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiClientEMS", "versions": [{"status": "affected", "version": "7.4.5", "versionType": "semver", "lessThanOrEqual": "7.4.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiClientEMS version 8.0.0 or above\nUpgrade to upcoming FortiClientEMS version 7.4.7 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099"}], "descriptions": [{"lang": "en", "value": "A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-07T15:58:53.439Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35616", "state": "PUBLISHED", "dateUpdated": "2026-04-07T15:58:53.439Z", "dateReserved": "2026-04-03T23:49:34.986Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-04T00:38:35.828Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cisaActionDue": "2026-04-09", "cisaExploitAdd": "2026-04-06", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Fortinet FortiClient EMS Improper Access Control Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CFAA44F-6B24-4702-93B8-94B703D684D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlientems:7.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "4AA9A954-1D6F-4B4D-9670-1DCF14F59737", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests."}], "id": "CVE-2026-35616", "lastModified": "2026-04-06T18:12:57.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-04T01:16:39.720", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory", "Patch"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.5,7.4.6]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiClientEMS", "source": "cna", "vendor": "Fortinet"}, "product": "forticlientems", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-04T03:50:27.270133+00:00", "value": {"mitigation_remediation": ["Upgrade to FortiClientEMS version 7.4.7 or later", "Upgrade to FortiClientEMS version 7.2.11 or later"], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Fortinet FortiClientEMS versions 7.4.5 and 7.4.6 are affected. The product is included in Fortinet's endpoint management suite. Current fixed releases begin with version 7.4.7 and earlier release 7.2.11 provides a similar fix for older deployments.", "description_and_impact": "A vulnerability in FortiClientEMS 7.4.5 and 7.4.6 permits an unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests. The flaw is an improper access control that bypasses authentication checks, enabling the attacker to gain control of the system. Because the attack does not require initial authentication, the exposed code may run with the privileges of the FortiClientEMS process, potentially compromising the entire host.", "risk_and_exploitability": "The CVSS score of 9.1 indicates high severity, and the vulnerability is publicly known. The EPSS score is not available, so the exact likelihood of exploitation is unknown, but the flaw is likely exploitable over the network via crafted requests to the EMS API. The vulnerability has not been listed in the CISA KEV catalog, so there is no official \u201cknown exploited\u201d status yet. Administrators should treat the issue as critical and address it promptly."}}}}, "created": "2026-04-06T20:27:47.879068+00:00", "title": "Unauthenticated Remote Code Execution in FortiClientEMS 7.4.5-7.4.6", "updated": "2026-04-06T22:21:07.057110+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$forticlientems"]}