Fortinet FortiClient EMS CVE-2026-35616

Incident Report for Steentjes ICT

Resolved

Fortinet heeft voor FortiClient EMS een Beveiligings lek gevonden;

-----

An Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6, by following the instructions at:
https://docs.fortinet.com/document/forticlient/7.4.5/ems-release-notes/832484 - for FortiClientEMS 7.4.5
https://docs.fortinet.com/document/forticlient/7.4.6/ems-release-notes/832484 - for FortiClientEMS 7.4.6

Upcoming FortiClientEMS 7.4.7 will also include a fix for this issue. In the meantime the hotfix above is sufficient to prevent it entirely.

Version | Affected | Solution
FortiClientEMS 7.4 | 7.4.5 through 7.4.6 | Upgrade to upcoming 7.4.7 or above
FortiClientEMS 7.2 | Not affected | Not Applicable

Fortinet remediated this issue in FortiClient Cloud and hence customers do not need to perform any action.
Fortinet remediated this issue in FortiSASE and hence customers do not need to perform any action.

-----

📧 Heb je vragen over deze update of wil je weten wat dit voor jouw omgeving betekent? Neem gerust contact met ons op via support@steentjesict.nl of bel ons op 0544 724 190.
Met vriendelijke groet,
Steentjes ICT
Posted Apr 10, 2026 - 09:21 CEST
This incident affected: Security Melding (Fortinet) and SaaS Diensten (FortiClientEMS Cloud).
Current Status Powered by Atlassian Statuspage