Fortinet has issued an emergency patch for a critical zero-day vulnerability in FortiClient EMS, tracked as CVE-2026-35616. The flaw is an authentication bypass vulnerability that allows attackers to circumvent security controls in the enterprise management system.
The vulnerability has been actively exploited in the wild over the past couple of weeks, according to security researchers. This represents the latest in a series of Fortinet vulnerabilities that have faced real-world exploitation, highlighting the continued targeting of the company's products by threat actors.