Fortinet released an emergency patch on a Saturday for CVE-2026-35616, a CVSS 9.1 pre-authentication API bypass in FortiClient EMS versions 7.4.5 and 7.4.6. Exploitation started March 31 against watchTowr honeypots. Over 2,000 FortiClient EMS instances are exposed to the internet, concentrated in the US and Germany.
Here is the part that should concern every security team running Fortinet: version 7.4.5, the version you patched to in order to fix the previous critical zero-day (CVE-2026-21643), is one of the two affected versions. You patched your way into this vulnerability.
That is not a one-off. It is the fifth critical, actively exploited Fortinet vulnerability in five months.
Five Critical CVEs, Five Months, One Vendor
The timeline is worth seeing in full:
| Date | CVE | CVSS | Product | Flaw Type |
|---|---|---|---|---|
| Dec 2025 | CVE-2025-59718 | 9.8 | FortiOS/FortiProxy | SAML Auth Bypass |
| Dec 2025 | CVE-2025-59719 | Critical | FortiWeb | Auth Bypass |
| Jan 2026 | CVE-2026-24858 | 9.4 | FortiOS/FortiManager/FortiProxy | SSO Auth Bypass |
| Mar 2026 | CVE-2026-21643 | 9.8 | FortiClient EMS 7.4.4 | SQL Injection (pre-auth) |
| Apr 2026 | CVE-2026-35616 | 9.1 | FortiClient EMS 7.4.5-7.4.6 | API Auth Bypass (pre-auth) |
Three of the five are pre-authentication flaws. That means no credentials required, no user interaction needed, just an exposed management interface and a crafted request. This is not random bad luck; it signals a systemic pattern in how Fortinet handles authentication across its product line.
The December SAML bypass started the chain, and as I covered when it broke, patched appliances were still being compromised through a new attack path. The January SSO bypass (CVE-2026-24858) was attributed to Mustang Panda, a China-linked APT. Volt Typhoon, another Chinese state-sponsored group, previously used FortiOS exploits to implant the "Coathanger" backdoor in military networks. And an AI-enabled offensive platform called CyberStrikeAI helped a single threat actor compromise 600+ FortiGate firewalls across 55 countries in January and February alone.
FortiClient EMS Is Not Just Another Firewall
Most reporting treats CVE-2026-35616 as another Fortinet vulnerability in a long line of them. It is not. FortiClient EMS is fundamentally different from a firewall or proxy because it is a centralized endpoint management server. It controls the FortiClient agents deployed across every managed endpoint in an organization.
Compromise EMS, and an attacker does not just gain network access. They gain the ability to push configuration changes, deploy software, and manage security policies across every endpoint that EMS controls. The blast radius is not one device; it is the entire managed fleet.
This is the same architectural pattern that made SolarWinds catastrophic, and the same one that let attackers hijack Stryker's Intune console to wipe 200,000 devices: a centralized management plane that, once compromised, becomes a distribution mechanism for the attacker. The difference is that FortiClient EMS is internet-exposed by design in many deployments, and the vulnerability requires no authentication to exploit.
The Patch Treadmill Is Structurally Broken
The FortiClient EMS timeline illustrates a problem that patching alone cannot solve:
- March 26: CVE-2026-21643 (CVSS 9.8, SQL injection) is exploited in FortiClient EMS 7.4.4
- Late March: Organizations patch to version 7.4.5 as recommended
- March 31: CVE-2026-35616 (CVSS 9.1, API bypass) is already being exploited in 7.4.5
- April 5: Emergency patch released
Organizations that followed best practices and patched quickly did not reduce their risk. They traded one critical pre-auth vulnerability for another. As watchTowr CEO Benjamin Harris put it: "Attackers have shown repeatedly that holiday weekends are the best time to move."
This is not a patching speed problem. It is a structural problem. When AI-enabled tools have compressed the attack window to seconds and new critical vulnerabilities emerge every two to four weeks in the same product line, the assumption that patching keeps you ahead of attackers stops holding.
The Governance Gap
CISA recognized the edge device reckoning in February with Binding Operational Directive 26-02, which mandates federal agencies eliminate unsupported edge devices. But CVE-2026-35616 affects current, fully supported versions of FortiClient EMS. BOD 26-02 does not help here.
The broader numbers tell the story. VulnCheck identified 191 Known Exploited Vulnerabilities in network edge devices in 2025, making them the most-targeted category. Verizon's DBIR reported an 8x year-over-year increase in edge device exploitation. And only 23.7% of exploited edge device vulnerabilities appeared in CISA's KEV catalog, meaning organizations relying solely on KEV for prioritization are flying blind on three-quarters of actively exploited flaws.
There is a gap between "replace old devices" and "keep current devices from being weaponized." No directive addresses the second problem.
What This Means for Security Teams
If you run FortiClient EMS, the immediate action is straightforward: patch to 7.4.7 or apply the hotfixes for 7.4.5 and 7.4.6 today. But the deeper question is whether your security architecture can absorb a cadence of critical zero-days in a core management platform every few weeks.
Three things worth evaluating now:
- Reduce exposure surface. FortiClient EMS should not be directly internet-accessible. Put it behind a VPN or zero-trust access broker. The 2,000+ exposed instances Shadowserver found are 2,000+ organizations that are one crafted request away from full endpoint compromise.
- Assume compromise windows. With five days between first exploitation (March 31) and patch availability (April 5), treat this as a potential breach, not just a vulnerability. Hunt for indicators of compromise in EMS logs and on managed endpoints.
- Evaluate single-vendor concentration risk. When one vendor's products account for five critical zero-days in five months across firewalls, proxies, web application firewalls, and endpoint management, the risk is no longer about individual CVEs. It is about whether concentrating your security stack on a single vendor creates a monoculture that attackers can systematically exploit.
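The immediate action and the first two evaluation points above reduce to an inventory question: which EMS instances are on an affected build, which of those are reachable from the internet, and which therefore need a compromise hunt rather than only a patch. The following script is an added example, not Fortinet, watchTowr or Shadowserver code; it encodes only the version-to-CVE mapping, the 7.4.7 fix and the 7.4.5/7.4.6 hotfixes stated in the article, and the inventory records it triages are constructed. The `EmsInstance` fields (host, version, exposure flag, hotfix flag) are assumptions about how a team tracks its fleet, not an EMS or FortiClient API.

```python
"""Triage a FortiClient EMS inventory against the two EMS CVEs the article names.

Added example (not vendor code). Version-to-CVE mapping is taken from the article:
7.4.4 -> CVE-2026-21643 (fixed by upgrading), 7.4.5 and 7.4.6 -> CVE-2026-35616
(fixed by upgrading to 7.4.7 or applying the per-version hotfix). Builds the
article does not discuss (e.g. 7.2.x) are reported as not assessed rather than safe.
"""
from dataclasses import dataclass

# Affected base versions per the article: version tuple -> (CVE, CVSS).
AFFECTED = {
    (7, 4, 4): ("CVE-2026-21643", 9.8),
    (7, 4, 5): ("CVE-2026-35616", 9.1),
    (7, 4, 6): ("CVE-2026-35616", 9.1),
}
FIXED_VERSION = (7, 4, 7)          # first build the article describes as patched
HOTFIX_CLEARS = "CVE-2026-35616"   # the only CVE the article says has hotfixes


@dataclass
class EmsInstance:
    """Assumed inventory record; fields are hypothetical, not an EMS API."""
    host: str
    version: str
    internet_exposed: bool
    hotfix_applied: bool = False


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised EMS version string: {text!r}")
    return tuple(int(p) for p in parts)  # type: ignore[return-value]


def triage(inst: EmsInstance) -> dict:
    """Return status, CVE, remediation priority and whether to hunt for compromise."""
    version = parse_version(inst.version)
    result = {"host": inst.host, "version": inst.version, "cve": None,
              "status": "patched", "priority": "none", "hunt": False, "action": "none"}

    if version >= FIXED_VERSION:
        return result

    hit = AFFECTED.get(version)
    if hit is None:
        # The article only assesses 7.4.4 through 7.4.7; do not claim older builds are safe.
        result.update(status="not_assessed", priority="review",
                      action="confirm support status against the vendor advisory")
        return result

    cve, _cvss = hit
    if inst.hotfix_applied and cve == HOTFIX_CLEARS:
        result.update(cve=cve, status="hotfixed",
                      action="schedule upgrade to 7.4.7")
        return result

    # Vulnerable. An internet-reachable management plane is the P1 case: the article's
    # exploitation preceded the patch, so exposure alone justifies a compromise hunt.
    result.update(cve=cve, status="vulnerable",
                  priority="P1" if inst.internet_exposed else "P2",
                  hunt=inst.internet_exposed,
                  action=("upgrade to 7.4.7 or apply hotfix" if cve == HOTFIX_CLEARS
                          else "upgrade to 7.4.7"))
    return result


def summarize(inventory: list[EmsInstance]) -> dict:
    """Count hosts per status and list the hosts that need an IoC hunt."""
    rows = [triage(i) for i in inventory]
    counts: dict[str, int] = {}
    for r in rows:
        counts[r["status"]] = counts.get(r["status"], 0) + 1
    return {"counts": counts, "hunt": sorted(r["host"] for r in rows if r["hunt"])}


# Constructed sample inventory (hostnames and states are invented for illustration).
SAMPLE_INVENTORY = [
    EmsInstance("ems-hq", "7.4.5", internet_exposed=True),          # patched into 35616
    EmsInstance("ems-lab", "7.4.4", internet_exposed=False),        # never moved off 21643
    EmsInstance("ems-eu", "7.4.6", internet_exposed=True, hotfix_applied=True),
    EmsInstance("ems-new", "7.4.7", internet_exposed=True),
    EmsInstance("ems-old", "7.2.0", internet_exposed=False),
]

if __name__ == "__main__":
    for row in map(triage, SAMPLE_INVENTORY):
        print(row)
    print(summarize(SAMPLE_INVENTORY))
```

The script deliberately never marks a build outside the article's stated range as safe; the point of the `not_assessed` status is that a version-check script is only as good as the advisory it encodes, and with this cadence the encoding needs updating every few weeks.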
The patching treadmill works when vulnerabilities are rare. When they arrive at this cadence, patching becomes damage control, not prevention. The architecture has to change.