Changeflow GovPing Data Privacy & Cybersecurity FortiClientEMS Vulnerability CVE-2026-35616 Act...
Urgent Guidance Added Final

FortiClientEMS Vulnerability CVE-2026-35616 Actively Exploited

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published
Detected
Email

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0400 warning of active exploitation of CVE-2026-35616 in Fortinet FortiClientEMS. The vulnerability allows remote code execution, privilege escalation, and security policy bypass on affected versions 7.4.x through 7.4.5. Organizations running vulnerable FortiClientEMS deployments are urged to apply patches immediately.

View original document View source feed page

What changed

CERT-FR published a critical security advisory regarding CVE-2026-35616, a vulnerability in Fortinet FortiClientEMS that is actively exploited in the wild. The vulnerability enables unauthenticated attackers to achieve remote code execution, privilege escalation, and bypass security policies on vulnerable installations. Affected systems running FortiClientEMS 7.4.x through 7.4.5 without the latest patches are at immediate risk.

Organizations using Fortinet endpoint management software should prioritize applying the vendor-provided security updates immediately. If immediate patching is not feasible, network isolation and enhanced monitoring for exploitation attempts are recommended as interim measures. The French cybersecurity authority's advisory underscores the active threat landscape targeting this vulnerability.

What to do next

  1. Apply security patches from Fortinet bulletin FG-IR-26-099 (patch to version 7.4.6 or later)
  2. Isolate affected systems from network if patching cannot be performed immediately
  3. Monitor for indicators of compromise related to CVE-2026-35616 exploitation

Archived snapshot

Apr 8, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 07 avril 2026 N° CERTFR-2026-AVI-0400 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Vulnérabilité dans Fortinet FortiClientEMS

Gestion du document

| Référence | CERTFR-2026-AVI-0400 |
| Titre | Vulnérabilité dans Fortinet FortiClientEMS |
| Date de la première version | 07 avril 2026 |
| Date de la dernière version | 07 avril 2026 |
| Source(s) | Bulletin de sécurité Fortinet FG-IR-26-099 du 04 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Contournement de la politique de sécurité
  • Exécution de code arbitraire à distance
  • Élévation de privilèges

Systèmes affectés

  • FortiClientEMS versions 7.4.x postérieures ou égales à 7.4.5 sans les derniers correctifs de sécurité

Résumé

Une vulnérabilité a été découverte dans Fortinet FortiClientEMS. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.

Fortinet indique que la vulnérabilité CVE-2026-35616 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 07 avril 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in Microsoft Azure Linux, 6 CVEs
Priority review Apr 10, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for ansm.sante.fr Anti-Lea Reagent Safety Alert - Diagast Immuno-Hematology
Priority review Apr 10, 2026 ANSM Drug & Device Safety Alerts Pharma & Drug Safety
Favicon for ansm.sante.fr Monnal TEO Ventilator Field Safety Corrective Action - Air Liquide Medical Systems
Urgent Apr 10, 2026 ANSM Drug & Device Safety Alerts Pharma & Drug Safety

Get daily alerts for CERT-FR Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ANSSI.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
ANSSI
Published
April 7th, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0400

Who this affects

Applies to
Technology companies Government agencies Healthcare providers
Industry sector
5112 Software & Technology
Activity scope
Vulnerability patching Endpoint security management Remote code execution mitigation
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Information Security Public Health

Browse Categories

Agriculture & Food Safety 64 AI Regulation 3 Banking & Finance 291 Consumer Protection 44 Courts & Legal 361 Data Privacy & Cybersecurity 73 Defense & National Security 51 Education 19 Energy 100 Environment 86 Environmental Regulation 8 Financial Regulation 2 Government & Legislation 279 Healthcare 136 Housing 16 Immigration 8 Insurance 58 Labor & Employment 113 Pharma & Drug Safety 104 Public Health 2 Securities & Markets 103 Securities Regulation 6 Tax 65 Telecom & Technology 47 Trade & Sanctions 135 Transportation 57

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!