The cybersecurity vendor released an emergency patch over the weekend to address the flaw in FortiClient Enterprise Management Server (EMS).
Fortinet disclosed that it has observed exploitation of a vulnerability in its FortiClient EMS (Enterprise Management Server) platform, prompting the release of an emergency patch.
The software update was released on Saturday, with Fortinet urging speedy deployment of the fixes addressing the privilege escalation vulnerability, which is tracked as CVE-2026-35616.
“Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6,” the cybersecurity vendor said in its security advisory published Saturday.
The flaw “may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests,” Fortinet said in the advisory. The vulnerability has been awarded a “critical” rating with a severity score of 9.1 out of 10.0.
While versions of FortiClient EMS 7.4 are affected—specifically versions 7.4.5 and 7.4.6—FortiClient EMS 7.2 is not impacted, according to Fortinet.
In a statement provided to CRN Monday, Fortinet said it has provided “mitigation guidance, patch update and recommended next steps” regarding the vulnerability in its advisory published Saturday.
The company’s “response and remediation efforts remain ongoing,” with the vendor aiming to balance “our commitment to the security of our customers and our culture of responsible transparency,” Fortinet said in the statement. “With that goal and principle top of mind, we are communicating directly with customers to advise on any necessary actions.”
In February, AWS disclosed research findings showing that more than 600 Fortinet FortiGate firewalls had been hacked by “unsophisticated” cybercriminals using off-the-shelf GenAI tools. The threat actors managed to scale the attack to more than 55 countries, according to the incident report from AWS.