top of page
ALL POSTS
Critical FortiClient EMS Vulnerability Exploited in Active Campaign Delivering EKZ Infostealer
Key Findings Threat actors are actively exploiting CVE-2026-35616, a critical FortiClient EMS vulnerability with a CVSS score of 9.1, to deploy credential-stealing malware across enterprise networks Attackers abuse legitimate FortiClient management pathways to push malicious PowerShell commands, evading traditional network monitoring solutions A new infostealer payload named EKZ Infostealer masquerades as vendor software updates and extracts credentials from Chrome and Firefo
May 283 min read
Exposed Endpoint: Critical FortiClient EMS Vulnerability (CVSS 9.1) Enables Unauthenticated Remote Code Execution
Key Findings A critical SQL injection vulnerability (CVE-2026-21643) with a CVSS score of 9.1 has been discovered in Fortinet's FortiClient Enterprise Management Server (EMS) The flaw allows unauthenticated remote code execution, enabling attackers to take full control of the management server without any credentials The vulnerability is caused by improper sanitization of user input, allowing malicious SQL commands to be injected and executed The vulnerability affects FortiCl
Feb 92 min read
bottom of page
