CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

News
Yanac

A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing malware, Arctic Wolf reports. The flaw, tracked as CVE-2026-35616 (CVSS score of 9.1), can be exploited remotely via crafted requests for remote code execution (RCE) and does not require authentication. Threat actors are exploiting a critical FortiClientSecurity AffairsRead More