CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
2026-4-6 05:10:29 Author: securityaffairs.com


Fortinet issued emergency patches for a critical FortiClient EMS flaw (CVE-2026-35616) actively exploited in the wild.

Fortinet released out-of-band patches for a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS 9.1), which is already being exploited in attacks in the wild. The flaw is an improper access control issue that allows attackers to bypass authentication through an API and escalate privileges, posing a serious risk to affected systems.

“An Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests,” reads the advisory published by Fortinet. “Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6.”

Fortinet confirmed active exploitation of the flaw and urges users of FortiClient EMS 7.4.5 and 7.4.6 to install available hotfixes. A permanent fix will also be included in version 7.4.7.

Fortinet credited Simo Kohonen from Defused and Nguyen Duc Anh with responsibly disclosing this vulnerability after they observed it being actively exploited as a zero-day.

🚨 New Fortinet vulnerability being exploited as an 0-day

CVE-2026-35616 – FortiClient EMS pre-authentication API access bypass – CVSS 9.1 Critical

After observing in-the-wild exploitation of this vulnerability earlier this week, Defused reported it to Fortinet under… pic.twitter.com/GUk5fCAx91

— Defused (@DefusedCyber) April 4, 2026

Recently, Defused researchers also warned that threat actors were exploiting a different vulnerability in Fortinet’s FortiClient EMS platform, tracked as CVE-2026-21643 (CVSS score: 9.1).

🚨 Fortinet Forticlient EMS CVE-2026-21643 – currently marked as not exploited on CISA and other Known Exploited Vulnerabilities (KEV) lists – has seen first exploitation already 4 days ago according to our data

Attackers can smuggle SQL statements through the "Site"-header… pic.twitter.com/pHwl2qMVsj

— Defused (@DefusedCyber) March 28, 2026


Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet)

Source: https://securityaffairs.com/190392/hacking/cve-2026-35616-fortinet-fixes-actively-exploited-high-severity-flaw.html