Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
H score 59
1 unique sources, 1 articles

Summary

Fortinet released an emergency hotfix for FortiClient Enterprise Management Server (EMS) after confirming active exploitation of CVE-2026-35616, a critical flaw that can let an unauthenticated attacker run unauthorized code or commands. Customers on FortiClient EMS 7.4.5 and 7.4.6 were urged to install the fix immediately, with 7.4.7 also planned to include a remedy. The same product line also faced CVE-2026-21643, adding urgency for organizations that rely on EMS to manage endpoint fleets.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Exim security patch release for CVE-2026-45185

Security Patch Release
First: 13.05.2026 23:23 Last: 13.05.2026 23:23 Sources 1

About this happening: **Exim** released **version 4.99.3** to fix **CVE-2026-45185**, closing a **remote-code-execution risk** in affected mail servers. The patch applies to **Exim versions before 4.99...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Cisco security patch release for CVE-2026-20184

Security Patch Release
First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Timeline

  1. 07.04.2026 12:26 · 2 articles

    Fortinet issues emergency FortiClient EMS hotfix

    Mitigation Patch Update

    Fortinet urged customers running FortiClient Enterprise Management Server (EMS) 7.4.5 and 7.4.6 to install an emergency hotfix after confirming that CVE-2026-35616, a critical CVSS 9.1 improper access control flaw, was exploited in the wild and could let an unauthenticated attacker execute unauthorized code or commands via crafted requests. Fortinet also pointed customers to remediation for CVE-2026-21643, a CVSS 9.8 SQL injection flaw that was also being exploited in the wild, advising upgrade to 7.4.5 or later or disconnecting the administrative web interface from the internet; the vendor said the hotfix is sufficient to prevent CVE-2026-35616 entirely and that upcoming FortiClientEMS 7.4.7 will also include a fix.