Fortinet issues emergency patch for actively exploited FortiClient EMS vulnerability

Fortinet has released an emergency weekend security update for a critical vulnerability in its FortiClient Enterprise Management Server that is under active exploitation by threat actors. The flaw, tracked as CVE-2026-35616, affects the widely deployed endpoint management platform used by enterprises to secure remote workforces. Security researchers at BleepingComputer confirmed attackers are already leveraging the vulnerability in the wild, prompting Fortinet to bypass its normal patch cycle. The company has not disclosed technical details of the exploit or attribution for the attacks, a common practice to prevent further weaponization before customers patch. The incident marks another significant security challenge for Fortinet following a series of high-profile vulnerabilities in its products over the past two years. Enterprise security teams are being urged to prioritize deployment of the emergency update.