Alert - AL26-007 - Vulnerability impacting Fortinet FortiClientEMS - CVE-2026-35616

Number: AL26-007
Date: April 7, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Cyber Centre is aware of a critical vulnerability impacting Fortinet FortiClient Endpoint Management Server (EMS) (Footnote 1). In response to the vendor advisory released on April 4, 2026, the Cyber Centre released AV26-313 on April 7, 2026 (Footnote 2).

Tracked as CVE-2026-35616 (Footnote 3), this vulnerability is an improper access control vulnerability (CWE-284) (Footnote 4) in Fortinet FortiClientEMS 7.4.5 through 7.4.6 that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Fortinet FortiClientEMS is a centralized security management solution for Fortinet's endpoint agents (FortiClient). Designed primarily for enterprise environments, it enables administrators to manage, deploy, and monitor security policies, Zero Trust Network Access (ZTNA) tags, and vulnerability scanning for Windows, macOS, and mobile endpoints.

Further information about the affected versions can be found in the Fortinet advisory (Footnote 1).

This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog (Footnote 5) on April 6, 2026.

Suggested actions

The Cyber Centre recommends that organizations using Fortinet FortiClientEMS review the Fortinet security bulletin (Footnote 1) and update or upgrade the affected instances to the following versions:

Affected product    | Affected version | Solution
FortiClientEMS 7.4  | 7.4.5            | Install hotfix (Footnote 6) or upgrade to upcoming 7.4.7 or above
FortiClientEMS 7.4  | 7.4.6            | Install hotfix (Footnote 7) or upgrade to upcoming 7.4.7 or above
FortiClientEMS 7.2  | Not affected     | Not affected
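The following script is an added illustration, not code from the Cyber Centre or Fortinet, showing how the version ranges in the table above can be applied to an asset inventory. It parses dotted version strings as integer tuples (so that 7.4.10 sorts above 7.4.6, which a plain string comparison gets wrong) and classifies each host against the alert's ranges. The hostnames and version strings are constructed sample data. Because the table's remediation for 7.4.5 and 7.4.6 is a hotfix, and a version number alone cannot show whether that hotfix has been applied, such hosts are reported as "verify hotfix" rather than as confirmed vulnerable.

```python
"""Classify reported FortiClientEMS versions against the affected ranges
listed in AL26-007 (CVE-2026-35616).

Added illustration, not Cyber Centre or Fortinet code. Version strings in
SAMPLE are constructed inventory data; the ranges come from the alert's
table (7.4.5 through 7.4.6 affected, 7.4.7 or above fixed, 7.2 not affected).
"""
from __future__ import annotations

import re

# Inclusive affected range from the alert. Tuples compare element-wise, so
# (7, 4, 10) correctly sorts above (7, 4, 6); "7.4.10" < "7.4.6" as strings.
AFFECTED_MIN = (7, 4, 5)
AFFECTED_MAX = (7, 4, 6)
FIXED_MIN = (7, 4, 7)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '7.4.6' or 'v7.4.6 build1234' into (7, 4, 6); missing patch -> 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no dotted version in {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def classify(version: str) -> str:
    """Map one version string to a triage status derived from the alert."""
    v = parse_version(version)
    if v[:2] == (7, 2):
        return "not affected"                 # 7.2 branch listed as not affected
    if v[:2] != (7, 4) or v < AFFECTED_MIN:
        return "not listed in AL26-007"       # outside the table; consult the vendor advisory
    if v <= AFFECTED_MAX:
        # A version check cannot see whether the hotfix was installed.
        return "affected: verify hotfix or upgrade to 7.4.7+"
    return "fixed (7.4.7 or above)"           # v >= FIXED_MIN


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> status for a hostname -> version inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; .invalid is a reserved, non-resolving TLD.
    SAMPLE = {
        "ems-01.example.invalid": "7.4.5",
        "ems-02.example.invalid": "7.4.6 build1234",
        "ems-03.example.invalid": "7.4.10",
        "ems-04.example.invalid": "7.2.9",
        "ems-05.example.invalid": "7.4.4",
    }
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:28} {status}")
```

Feed it the version field exported from your asset inventory or EMS console; anything reported as "affected: verify hotfix" needs the hotfix status confirmed on the host itself, since the table's remediation for those versions does not change the version number.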

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security Actions (Footnote 8), with an emphasis on the following topics:

  • Patch operating systems and applications
  • Harden operating systems and applications
  • Isolate web-facing applications

Should activity matching the content of this Alert be discovered, recipients are encouraged to report it via My Cyber Portal or by email to contact@cyber.gc.ca.
