Fortinet issues hotfix after zero‑day exploited in the wild.

Fortinet released emergency fixes for a critical FortiClient EMS flaw that allowed unauthenticated attackers to execute remote code by sending crafted requests. The company confirmed the bug, CVE‑2026‑35616, was already being exploited and urged organizations to apply hotfixes for versions 7.4.5 and 7.4.6 while awaiting a full update. Security researchers say roughly 2,000 internet‑exposed EMS instances remain vulnerable, and exploitation attempts began as early as March 31. CISA added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by April 9.

Read more:

https://www.securityweek.com/fortinet-rushes-emergency-fixes-for-exploited-zero-day/