
Hackers exploit FortiClient EMS flaw to push infostealer malware

📅 28 May 2026 at 17:25 UTC | 📰 Bleeping Computer

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

Hackers exploited a critical authentication bypass vulnerability in FortiClient EMS to deliver the EKZ infostealer malware, targeting credentials and sensitive data of users with multi-factor authentication enabled.

⚙️ Technical Details
CVEs: CVE-2026-35616
Affected Systems: Fortinet FortiClient EMS
Attack Vectors: NETWORK
💥 Impact Assessment
Severity: critical
Who Is at Risk
Federal agencies, organizations using FortiClient EMS, and individuals with multi-factor authentication enabled accounts.
🛡️ Recommended Actions
1. Monitor logs for certificate-authentication anomalies and unexpected changes to Remote Access Profile configurations.
2. Implement strict access controls and validate administrative activity, such as new accounts or actions leading to configuration changes.
3. Regularly update FortiClient EMS with the latest patches (https://fortiguard.fortinet.com/psirt/FG-IR-26-099).
📦 Affected Products
Fortinet FortiClient EMS
🔐 NVD Verified Data (VERIFIED)
CVE-2026-35616: CVSS 9.8 CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-284
Affected Products (CPE): Fortinet Forticlientems

This is a curated summary. The complete article is available at Bleeping Computer.
