> TritonInfoSec News
Home / Apr 05, 2026 / Story
0
#1 The Hacker News general April 05, 2026 at 04:32 UTC

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

By [email protected] (The Hacker News)

AI Summary

Fortinet patched CVE-2026-35616 (CVSS 9.1), a critical pre-authentication API access bypass in FortiClient EMS that allows privilege escalation and has been actively exploited in the wild. The vulnerability stems from improper access control (CWE-284) and received out-of-band patches due to active exploitation. This affects enterprise endpoint management systems and requires immediate patching by organizations using FortiClient EMS.

Read full article → https://thehackernews.com/2026/04/fortinet-patches…

Relevance score: 95.0/100

# More from April 05

  1. 2
    36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants The Hacker News
  2. 3
    Axios npm hack used fake Teams error fix to hijack maintainer account BleepingComputer
  3. 4
    European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack SecurityWeek
  4. 5
    LinkedIn secretly scans for 6,000+ Chrome extensions, collects data BleepingComputer
  5. 6
    Device code phishing attacks surge 37x as new kits spread online BleepingComputer
  6. 7
    TrueConf Zero-Day Exploited in Asian Government Attacks SecurityWeek
  7. 8
    React2Shell Exploited in Large-Scale Credential Harvesting Campaign SecurityWeek
  8. 9
    New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images The Hacker News
  9. 10
    CERT-EU: European Commission hack exposes data of 30 EU entities BleepingComputer