FortiClientEMS 7.4.5-7.4.6 Improper Access Control Exploit via Crafted Requests: CVE-2026-35616 April 2026

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Vulnerability Analysis

CVE-2026-35616 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-35616 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2026-35616

Want to know whenever a new CVE is published for Fortinet Forticlientems? stack.watch will email you.

FortiClientEMS 7.4.5-7.4.6 Improper Access Control Exploit via Crafted Requests
CVE-2026-35616 Published on April 4, 2026

Vulnerability Analysis

Weakness Type

What is an Authorization Vulnerability?

Products Associated with CVE-2026-35616

Affected Versions

FortiClientEMS 7.4.5-7.4.6 Improper Access Control Exploit via Crafted RequestsCVE-2026-35616 Published on April 4, 2026

Vulnerability Analysis

Weakness Type

What is an Authorization Vulnerability?

Products Associated with CVE-2026-35616

Affected Versions

FortiClientEMS 7.4.5-7.4.6 Improper Access Control Exploit via Crafted Requests
CVE-2026-35616 Published on April 4, 2026