
Hackers Exploit Fortinet FortiClient EMS Flaw to Deploy Credential-Stealing Malware EKZ
cybersecurity, malware, vulnerability, Fortinet, data_theft
Hackers are actively exploiting an authentication bypass vulnerability (CVE-2026-35616) in Fortinet’s FortiClient Enterprise Management Server (EMS) to deploy an undocumented credential-stealing malware named EKZ. The flaw allows attackers to bypass security controls and deliver the infostealer without requiring valid credentials. No specific timeline or affected versions were disclosed, but the attack targets FortiClient EMS deployments. The malware’s primary impact involves the theft of sensitive authentication data from compromised systems. Fortinet has not yet released a public advisory detailing mitigation steps or patches.