CVE-2026-35616
Received
Received - Intake
Improper Access Control in Fortinet FortiClientEMS Enables Code Execution
Publication date: 2026-04-04
Last updated on: 2026-04-06
Assigner: Fortinet, Inc.
Description
Description
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | forticlientems | 7.4.5 |
| fortinet | forticlientems | 7.4.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue found in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6. It allows an unauthenticated attacker to execute unauthorized code or commands by sending specially crafted requests to the affected system.
How can this vulnerability impact me? :
The impact of this vulnerability is severe, as it enables attackers without any authentication to execute arbitrary code or commands on the affected system. This can lead to full compromise of confidentiality, integrity, and availability of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70