Threat Advisories - NVD Disclosed April 4, 2026

CVE-2026-35616

FortiClient EMS allows attackers to run unauthorized code remotely.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Fortinet FortiClient EMS has a critical flaw allowing unauthenticated attackers to run unauthorized code remotely. This is a serious risk because it can be exploited from anywhere on the internet.

NVD published: April 4, 2026 • CISA KEV