A critical vulnerability in FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-35616, has been exploited in attacks to deploy information-stealing malware, prompting cybersecurity experts to urge immediate patching. The flaw allows remote code execution without authentication, and attackers have used it to target managed endpoints with the EKZ Infostealer disguised as a legitimate Fortinet patch.
Because CVE-2026-35616 is being actively exploited, security teams should apply Fortinet's patches for this flaw immediately to prevent attackers from remotely executing code on managed endpoints and exfiltrating sensitive data. Additionally, review and secure FortiClient-managed VPN scripting workflows to mitigate potential malicious use.