CVE-2026-35616 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 4, 2026
Fortinet FortiClientEMS - Command Injection
Published: April 4, 2026 | Updated: April 4, 2026 | Remotely Exploitable
Overview
Fortinet FortiClientEMS 7.4.5 through 7.4.6 contains an improper access control vulnerability caused by insufficient authorization checks, letting unauthenticated attackers execute unauthorized code or commands via crafted requests.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can execute unauthorized code or commands, potentially compromising the system.
Mitigation
Update FortiClientEMS to a release later than 7.4.6.
Details
- CVE ID: CVE-2026-35616
- Severity: Critical
- CVSS Score: 9.8
- Type: command_injection
- Status: new
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H