Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released. The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to remotely execute arbitrary code on FortiClient EMS, which organizations use to manage, monitor, provision, patch, quarantine, and monitor endpoint systems. The flaw is rated 9.1 (critical) in the Common Vulnerability Scoring System and was added by the US Cybersecurity and Infrastructure Security Agency (CISA) to...