CVE-2026-35616 - New Exploited Vulnerability Added by CISA
Significant risk — action recommended within 24-48 hours
Basically, a new security flaw in Fortinet software is being actively exploited, and CISA warns organizations to fix it quickly.
CISA has added a new vulnerability, CVE-2026-35616, to its catalog due to active exploitation. This flaw in Fortinet software poses significant risks to organizations. Timely remediation is essential to safeguard systems against attacks.
The Flaw
CISA has officially added CVE-2026-35616 to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability affects Fortinet FortiClient EMS and is categorized as an Improper Access Control vulnerability. Flaws of this class are frequently targeted by malicious actors, making them a significant risk for organizations, particularly in the federal sector.
What's at Risk
Inclusion in the KEV Catalog means CISA has evidence that the vulnerability is being exploited in the wild. Organizations running the affected Fortinet product face an increased risk of attack, potentially leading to unauthorized access to sensitive data or systems.
Patch Status
As per Binding Operational Directive (BOD) 22-01, federal agencies are required to remediate identified vulnerabilities by specified deadlines. While this directive primarily applies to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly encourages all organizations to prioritize the remediation of vulnerabilities listed in the KEV Catalog. This approach is crucial for reducing exposure to cyber threats.
Immediate Actions
Organizations should take the following steps to mitigate risks associated with this vulnerability:
- Assess systems for the presence of Fortinet FortiClient EMS.
- Implement necessary patches or updates as soon as they become available.
- Monitor networks for any signs of exploitation related to CVE-2026-35616.
By prioritizing these actions, organizations can enhance their security posture and protect against potential attacks stemming from this newly identified vulnerability.
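The three steps above (find the affected product, track the patch deadline, keep watching the CVE) amount to matching an asset inventory against the KEV Catalog and ranking findings by their BOD 22-01 due date. The script below is an added example written for this page; it is not code from CISA, Fortinet, or the advisory. It uses the field names of CISA's public KEV JSON feed (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse), but the feed excerpt and the inventory are constructed for illustration, and the dateAdded and dueDate values are placeholders rather than the real deadlines for CVE-2026-35616. The second catalog entry and the hostnames are invented too.

```python
"""Triage a KEV catalog feed against a local software inventory.

Added example, not from the advisory. The JSON keys follow CISA's KEV feed
schema; every value below except the CVE id, vendor and product named in the
advisory is a constructed placeholder.
"""
import json
from datetime import date

# Constructed KEV-style feed excerpt. Dates are placeholders, not the
# actual dateAdded/dueDate published by CISA for this CVE.
SAMPLE_KEV_JSON = json.dumps({
    "title": "KEV catalog (constructed excerpt)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2026-35616",
            "vendorProject": "Fortinet",
            "product": "FortiClient EMS",
            "vulnerabilityName": "Fortinet FortiClient EMS Improper Access Control Vulnerability",
            "dateAdded": "2026-01-01",  # placeholder
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-01-22",    # placeholder
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-00001",  # constructed, unrelated entry
            "vendorProject": "ExampleVendor",
            "product": "ExampleRouter",
            "vulnerabilityName": "ExampleRouter Placeholder Vulnerability",
            "dateAdded": "2025-12-01",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-12-22",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})

# Constructed asset inventory (hostnames are hypothetical).
SAMPLE_INVENTORY = [
    {"host": "ems-01.corp.example", "vendor": "Fortinet", "product": "FortiClient EMS"},
    {"host": "web-07.corp.example", "vendor": "ExampleVendor", "product": "ExampleApp"},
]


def load_kev(feed_json):
    """Parse a KEV feed document and return its list of vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def _norm(text):
    """Case- and whitespace-insensitive key for vendor/product comparison."""
    return " ".join(text.lower().split())


def is_in_kev(entries, cve_id):
    """True when the given CVE id appears in the catalog entries."""
    return any(e["cveID"].upper() == cve_id.upper() for e in entries)


def match_inventory(entries, inventory):
    """Yield (asset, entry) pairs whose vendor and product both match a KEV entry."""
    by_key = {}
    for e in entries:
        by_key.setdefault((_norm(e["vendorProject"]), _norm(e["product"])), []).append(e)
    for asset in inventory:
        for e in by_key.get((_norm(asset["vendor"]), _norm(asset["product"])), []):
            yield asset, e


def days_until_due(entry, today):
    """Days left until the BOD 22-01 due date; negative means overdue."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def triage(feed_json, inventory, today):
    """Rank exposed assets by urgency; 'status' is OVERDUE, DUE_SOON (<=7 days) or SCHEDULED."""
    findings = []
    for asset, entry in match_inventory(load_kev(feed_json), inventory):
        remaining = days_until_due(entry, today)
        status = "OVERDUE" if remaining < 0 else "DUE_SOON" if remaining <= 7 else "SCHEDULED"
        findings.append({
            "host": asset["host"],
            "cve": entry["cveID"],
            "due_date": entry["dueDate"],
            "days_remaining": remaining,
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
            "status": status,
        })
    findings.sort(key=lambda f: f["days_remaining"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, date(2026, 1, 20)):
        print(f"{f['status']:9} {f['host']:22} {f['cve']} due {f['due_date']} "
              f"({f['days_remaining']:+d} days, ransomware use: {f['ransomware_use']})")
```

In practice the feed would be fetched from CISA's published KEV JSON and the inventory pulled from a CMDB or endpoint agent; matching on vendor and product (rather than on version) is deliberate, because the KEV feed does not carry version ranges, so every matching install is a candidate until the vendor advisory confirms it is patched.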
🔒 Pro insight: The addition of CVE-2026-35616 to the KEV Catalog underscores the urgency for organizations to adopt proactive vulnerability management practices.