CVE-2026-35616

Summary

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientEMS7.4.5 <= 7.4.6affected

Weaknesses

  • CWE-284: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References