TopVuln

High-risk vulnerability digests

CVE-2026-35616

  • CRITICAL

Fortinet FortiClient EMS Improper Access Control Vulnerability

Details

CVSS v3: 9.8
NVD published: 2026-04-04 01:16:39
CISA date: 2026-04-06
EPSS: 43.2% probability · 97.5th percentile — 2026-05-12
Affected versions: Fortinet FortiClientEMS 7.4.5 through 7.4.6

Summary: This is an improper access control vulnerability affecting Fortinet FortiClientEMS. It allows an unauthenticated remote attacker to execute arbitrary code or commands via crafted requests to vulnerable systems. Successful exploitation can result in full system compromise for affected deployments.

Remediation: Apply the official security patch from Fortinet that addresses this vulnerability as soon as possible. Restrict public access to FortiClientEMS management interfaces from untrusted networks until patching is complete. Monitor for unauthorized activity on any affected deployments.

Exploit info: No public exploit found yet.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.