Fortinet has announced the release of out-of-band patches for a critical vulnerability, CVE-2026-35616, affecting FortiClient EMS. This flaw, which has been assigned a CVSS score of 9.1, allows pre-authentication API access bypass that can lead to privilege escalation. The company identified that this vulnerability is currently being actively exploited in the wild, underscoring the urgency for users to apply the patches immediately to mitigate potential security risks.
For businesses relying on FortiClient EMS, the implications of this vulnerability are significant. Organizations must prioritize the deployment of these patches to safeguard their networks against unauthorized access and potential data breaches. The incident highlights the importance of maintaining up-to-date security measures and monitoring for vulnerabilities, especially those that are actively exploited. In the broader context of cybersecurity and AI, this serves as a reminder for companies to adopt proactive vulnerability management strategies to protect their digital assets in an increasingly threatening landscape.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html)*