CISA orders feds to patch exploited Fortinet EMS flaw by Friday
Key Points:
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their FortiClient Enterprise Management Server (EMS) instances by April 9 because of an actively exploited vulnerability, CVE-2026-35616.
- The flaw is a pre-authentication API access bypass: an unauthenticated attacker can evade the EMS authentication and authorization controls and execute unauthorized code or commands.
- Fortinet released emergency hotfixes and advised IT administrators to apply them immediately or upgrade to FortiClient EMS version 7.4.7 to mitigate ongoing zero-day attacks exploiting this flaw.
- Nearly 2,000 FortiClient EMS instances remain exposed online, with over 1,400 located in the U.S. and Europe, though the number of patched systems is unknown.
- CISA included the vulnerability in its Known Exploited Vulnerabilities Catalog and urged both federal and private sector organizations to prioritize patching, highlighting the significant risk this issue poses to cybersecurity.