Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution and Privilege Escalation

A vulnerability has been discovered in Fortinet FortiClientEMS, identified as CVE-2026-35616, which allows attackers to execute arbitrary remote code, escalate privileges, and bypass security policies. The flaw is actively exploited, as confirmed by Fortinet. The notice was published on April 7, 2026, by the French government’s CERT (CERT-FR). No specific affected versions or additional technical details were provided in the report. The impacts include unauthorized code execution and privilege escalation within the affected system.