API authentication and authorization bypass
CVEs
| CVE | CVSS | CWE | Exploitation |
|---|---|---|---|
| CVE-2026-35616 | 9.1 | CWE-284: Improper Access Control | Exploited (KEV) |
Affected Products
| Product | Affected versions | Fixed version |
|---|---|---|
| FortiClientEMS | 7.4.5 | Not specified by vendor |
| FortiClientEMS | 7.4.6 | Not specified by vendor |