Critical FortiClient EMS Flaw Exploited for Credential Theft
Threat actors are actively exploiting a critical authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deploy credential-stealing malware. The flaw allows attackers to bypass authentication mechanisms and execute arbitrary code. This vulnerability has been patched, but organizations using FortiClient EMS must apply the update immediately to mitigate ongoing exploitation risks. Monitoring for indicators of compromise is essential to prevent data breaches.