Ref# ADV2026_210 | Date: Apr 7th 2026

---

Fortinet published a security advisory highlighting vulnerabilities in the following product on April 4th, 2026. It is recommended that you take the necessary precautions by ensuring your product is always updated. 

• FortiClientEMS 7.4 – version 7.4.5 to 7.4.6 

 

For more information on this update, you can follow these URLs: 

• API authentication and authorization bypass 

• CISA KEV: CVE-2026-35616 

• Fortinet PSIRT Advisories 

 

Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-35616 to their Known Exploited Vulnerabilities (KEV) Database on April 6, 2026. 

 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

 PDF Download: Fortinet Security Advisory

References 

• API authentication and authorization bypass. (April 04, 2026). Retrieved from FortiGuard Labs. https://www.fortiguard.com/psirt/FG-IR-26-099 

 

• CISA KEV: CVE-2026-35616. (n.b.). Retrieved from Fortinet. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-35616 

 

• Fortinet PSIRT Advisories. (n.b.). Retrieved from Fortinet. https://www.fortiguard.com/psirt?filter=1&version=&severity=5&severity=4&severity=3&severity=2 

 

• Fortinet security advisory. (April 07, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/fortinet-security-advisory-av26-313