Fortinet Releases Emergency Patches for Actively Exploited High-Severity Flaw

Fortinet released emergency out-of-band patches for a high-severity vulnerability in FortiClient EMS, tracked as CVE-2026-35616 with a CVSS score of 9.1. The flaw is an improper access control issue that allows attackers to bypass authentication and is actively being exploited in the wild. No specific attack vectors, threat actors, or affected versions were disclosed in the notice. The vulnerability was addressed through immediate security updates following confirmed exploitation. The incident underscores the urgency of applying patches to mitigate ongoing attacks targeting Fortinet systems.