InfoSecBulletin Cybersecurity for mankind
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to protect FortiClient Enterprise Management Server (EMS) systems from a known security issue by Friday. Tracked as CVE-2026-35616, this security flaw was found by the cybersecurity company Defused.
Fortinet shared urgent fixes over the weekend to fix the problem. They said the security issue comes from a weak access control that allows unauthorized attackers to run code or commands using special requests.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
The company also warned that threat actors had been exploiting it in zero-day attacks and warned IT administrators to secure their EMS instances as soon as possible by applying the hotfixes or upgrading to FortiClient EMS version 7.4.7 when it becomes available.
“Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6,” the company said.
Shadowserver is tracking about 2,000 FortiClient EMS systems online. More than 1,400 of these are in the United States and Europe. But it is unclear how many have been fixed or still have problems.
On Monday, CISA put CVE-2026-35616 on its list of Known Exploited Vulnerabilities (KEV) and told Federal Civilian Executive Branch (FCEB) agencies to fix FortiClient EMS by Thursday midnight, April 9, as required by Binding Operational Directive (BOD) 22-01.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” the cybersecurity agency warned.
“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
Even though BOD 22-01 is meant for U.S. federal agencies, CISA encouraged everyone, including private companies, to focus on fixing CVE-2026-35616 and to secure their networks quickly.
Fortinet fixed another serious FortiClient EMS problem (CVE-2026-21643) in February. This issue was noted just under two weeks ago as being used in attacks.
