
"Fortinet has observed this to be exploited in the wild. Remote attackers could send crafted requests to a vulnerable FortiClient EMS to trigger the bug, which allows for remote code execution without requiring authentication."
"The company announced the availability of hotfixes to address the security defect in FortiClient EMS versions 7.4.5 and 7.4.6, noting that version 7.2 is not affected."
"Defused reported it to Fortinet under responsible disclosure after observing in-the-wild exploitation of this vulnerability earlier this week."
"The Shadowserver Foundation says it has observed approximately 2,000 FortiClient EMS instances that are accessible from the internet, potentially exposed to attacks exploiting the new zero-day."
Fortinet addressed a critical vulnerability in FortiClient Enterprise Management Server (EMS), tracked as CVE-2026-35616, which allows remote code execution. The flaw, with a CVSS score of 9.1, can be exploited by sending crafted requests without authentication. Fortinet released hotfixes for versions 7.4.5 and 7.4.6, while version 7.2 is unaffected. The vulnerability was reported by cybersecurity firm Defused after it observed exploitation in the wild. Approximately 2,000 internet-accessible FortiClient EMS instances are exposed to potential attacks, including attacks exploiting another recently patched SQL injection vulnerability.
Read at SecurityWeek