9.8

CVE-2026-35616

Warnung

Medienbericht

EPSS 25.26%
Veröffentlicht 04.04.2026 00:38:35
Zuletzt bearbeitet 06.04.2026 18:12:57
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Forticlientems Version7.4.5

Fortinet ≫ Forticlientems Version7.4.6

06.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet FortiClient EMS Improper Access Control Vulnerability

Schwachstelle

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.26%	0.962

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@fortinet.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/

Media Report

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/

Media Report

https://thehackernews.com/2026/04/weekly-recap-axios-hack-chrome-0-day.html

Media Report

https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html

Media Report

https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/

Media Report

https://www.bleepingcomputer.com/news/security/new-fortinet-forticlient-ems-flaw-cve-2026-35616-exploited-in-attacks/

Media Report

https://www.heise.de/news/FortiClient-EMS-Kritische-Codeschmuggel-Luecke-wird-angegriffen-11246000.html

Media Report

https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2026-35616

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35616

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35616

EUVD