The Vulnerability That Turns Defenders into Targets
On April 4, 2026, Fortinet released an emergency hotfix for CVE-2026-35616, a critical pre-authentication bypass in FortiClient Endpoint Management Server (EMS) that was already being exploited before any patch existed. With a CVSS score of 9.1, the flaw allows unauthenticated attackers to execute arbitrary code on servers that manage endpoint security for entire organizations.
The timing underscores a broader pattern. Just days earlier, CERT-EU disclosed that a supply-chain compromise of Trivy, the widely used open-source vulnerability scanner, had led to a breach at the European Commission affecting 71 entities and 340 GB of stolen data. Together, these incidents crystallize a disturbing reality: the security infrastructure itself has become the primary attack surface.
How CVE-2026-35616 Works
The vulnerability, classified under CWE-284 (Improper Access Control), resides in the API layer of FortiClient EMS. It allows an unauthenticated attacker to bypass API authentication and authorization controls entirely, escalating privileges and executing malicious code via specially crafted HTTP requests.
What makes this particularly dangerous is the attack’s simplicity. No credentials are needed. No user interaction is required. An exposed EMS administrative interface is all an attacker needs for initial access, foothold establishment, and lateral movement across the managed endpoint fleet.
FortiClient EMS versions 7.4.5 and 7.4.6 are affected. Version 7.2.x remains unaffected. Fortinet published advisory FG-IR-26-099 alongside emergency hotfixes, with a permanent fix expected in the upcoming version 7.4.7. The vulnerability was discovered by Simo Kohonen from Defused Cyber and independent researcher Nguyen Duc Anh.
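The following is an added illustration of the CWE-284 class described above, hypothetical code that is not Fortinet's and is not derived from the advisory: a management API whose router performs a privileged action without first authenticating or authorizing the caller, beside a deny-by-default version in which every route must pass an explicit role check. The route name, session store and roles are invented for the example.

```python
# Added illustration of CWE-284 (Improper Access Control) in a management API.
# Hypothetical code: the routes, sessions and roles below are invented and do
# not describe FortiClient EMS or any real product.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, str]
Handler = Callable[["Request"], Response]


@dataclass
class Request:
    path: str
    session_token: Optional[str] = None   # None models an unauthenticated caller
    body: dict = field(default_factory=dict)


# Constructed session table standing in for whatever the server really uses.
SESSIONS: Dict[str, Dict[str, str]] = {
    "tok-admin-1": {"user": "alice", "role": "admin"},
    "tok-viewer-1": {"user": "bob", "role": "viewer"},
}


def authenticate(req: Request) -> Optional[Dict[str, str]]:
    """Resolve the session token to a principal, or None if absent or unknown."""
    if req.session_token is None:
        return None
    return SESSIONS.get(req.session_token)


# --- Vulnerable pattern: the handler trusts any request that reaches it. ---
def vulnerable_dispatch(req: Request) -> Response:
    if req.path == "/api/policy/push":
        # Privileged action with no authentication or authorization check at all.
        return 200, f"pushed policy {req.body.get('policy')!r} to the fleet"
    return 404, "not found"


# --- Hardened pattern: deny by default, authenticate then authorize per route. ---
def require_role(role: str) -> Callable[[Handler], Handler]:
    def decorator(handler: Handler) -> Handler:
        def wrapped(req: Request) -> Response:
            principal = authenticate(req)
            if principal is None:
                return 401, "authentication required"
            if principal["role"] != role:
                return 403, "forbidden"
            return handler(req)
        return wrapped
    return decorator


@require_role("admin")
def push_policy(req: Request) -> Response:
    return 200, f"pushed policy {req.body.get('policy')!r} to the fleet"


# Every route is registered together with its guard; unknown routes are rejected.
ROUTES: Dict[str, Handler] = {"/api/policy/push": push_policy}


def hardened_dispatch(req: Request) -> Response:
    handler = ROUTES.get(req.path)
    if handler is None:
        return 404, "not found"
    return handler(req)


if __name__ == "__main__":
    anonymous = Request("/api/policy/push", None, {"policy": "baseline-v2"})
    print("vulnerable:", vulnerable_dispatch(anonymous))   # 200 with no credentials
    print("hardened:  ", hardened_dispatch(anonymous))     # 401, authentication required
```

The point of the hardened form is that the authorization decision is attached to the route, so a new handler cannot be reached at all without a guard; a reviewer can verify the invariant by reading the route table rather than every handler body.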
Exploitation Timeline: Attackers Moved First
The chronology reveals how narrow the window was for defenders:
- March 31, 2026: Security firm watchTowr recorded the first exploitation attempts against CVE-2026-35616 on its honeypot network, days before any patch was available. Defused Cyber independently observed zero-day exploitation during the same period.
- April 4, 2026: Fortinet confirmed active exploitation and released emergency hotfixes for versions 7.4.5 and 7.4.6.
- April 5, 2026: The Shadowserver Foundation identified over 2,000 FortiClient EMS instances exposed to the public internet, with the majority located in the United States and Germany.
This was not the first FortiClient EMS crisis in recent weeks. CVE-2026-21643, a critical SQL injection vulnerability (also CVSS 9.1) affecting version 7.4.4, had been under active exploitation since late March 2026. Attackers were smuggling SQL statements through crafted HTTP request headers, achieving code execution against the backing PostgreSQL database on unpatched systems. Back-to-back critical vulnerabilities in the same product line paint a troubling picture of the attack surface that endpoint management systems present.
The Trivy Breach: When Your Scanner Becomes the Weapon
The FortiClient EMS zero-day did not happen in isolation. On April 3, 2026, CERT-EU disclosed that a sophisticated supply-chain attack had compromised Trivy, the widely deployed open-source container vulnerability scanner maintained by Aqua Security.
The threat actor, identified as TeamPCP, exploited a misconfiguration in Trivy’s GitHub Actions CI/CD pipeline to inject malicious code that harvested AWS API keys, SSH secrets, and Kubernetes credentials from environments running the tool. On March 19, an attacker used a stolen AWS secret to access the European Commission’s cloud infrastructure. The Commission’s Cybersecurity Operations Centre detected abnormal API usage, but by then the attackers had already pivoted across multiple AWS accounts.
The breach ultimately affected 71 clients hosted on the Europa web hosting platform, with over 340 GB of data exfiltrated, including personal information such as names, usernames, and email addresses across multiple EU entities. The extortion group ShinyHunters published the stolen dataset on its dark web leak site on March 28.
The TeamPCP campaign did not stop at Trivy. The group subsequently expanded operations to Checkmarx KICS and the npm ecosystem, demonstrating a systematic strategy of targeting security tooling supply chains.
The Pattern: Security Infrastructure as Attack Surface
These incidents, days apart, reflect a structural shift in how sophisticated adversaries approach enterprise networks. Rather than hunting for vulnerabilities in business applications, attackers are increasingly targeting the security and management stack itself.
The logic is ruthless and effective. Endpoint management servers hold credentials and policies for every managed device. Vulnerability scanners have deep access to infrastructure metadata and often run with elevated privileges. Compromise one of these tools, and you potentially compromise the entire security posture of the organization.
CISA recognized this trend explicitly. On March 18, 2026, the agency issued an alert urging organizations to harden endpoint management systems following a cyberattack against Stryker Corporation, a US-based medical technology firm. The Iranian-linked hacktivist group Handala had exploited Stryker’s Microsoft Intune environment, using the platform’s built-in wipe command to destroy endpoint data across the organization.
For CISOs and security architects, the implication is clear: the tools you trust must be treated with the same skepticism as the threats they are meant to stop.
What Organizations Should Do Now
Immediate actions (24-48 hours):
- Patch FortiClient EMS to the latest hotfix for versions 7.4.5 or 7.4.6. If patching is not immediately possible, restrict network access to the EMS administrative interface to trusted internal IP ranges only.
- Audit internet exposure. Use asset discovery tools to confirm no EMS instances are directly reachable from the public internet. The 2,000+ exposed instances identified by Shadowserver suggest many organizations are unaware their EMS is publicly accessible.
- Review Trivy deployments. Verify you are running a clean, verified version of Trivy. Audit CI/CD pipeline integrity and check for unauthorized changes to scanning tool configurations or outputs.
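Two offline checks that put the "verified version" and "pipeline integrity" items above into practice, as an added example that is not Trivy's or Aqua Security's own code and does not describe the specific misconfiguration behind the Trivy compromise: a digest check of a downloaded release artifact against a checksum file obtained out of band, and a scan of a GitHub Actions workflow for third-party actions referenced by a movable tag or branch rather than a full commit SHA. The checksum format ("<sha256>  <filename>" lines), the file names and the workflow are constructed for the example.

```python
# Added example, not Trivy's or Aqua Security's own code: two offline checks to
# run before trusting a downloaded scanner binary and the workflow that builds it.
# Assumptions: the checksum file uses GitHub-release style "<sha256>  <filename>"
# lines and is obtained out of band (e.g. a pinned copy in your own repository),
# and the workflow is a GitHub Actions YAML file.
import hashlib
import hmac
import re
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_checksums(text: str) -> Dict[str, str]:
    """Map filename -> sha256 from '<hex>  <name>' lines; malformed lines are ignored."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and re.fullmatch(r"[0-9a-f]{64}", parts[0]):
            table[parts[1]] = parts[0]
    return table


def verify_artifact(filename: str, data: bytes, checksums: Dict[str, str]) -> bool:
    """True only if the file is listed and its digest matches exactly."""
    expected = checksums.get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


# 'uses:' references in a GitHub Actions workflow; a trailing '#' comment is dropped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")


def find_unpinned_actions(workflow_yaml: str) -> List[str]:
    """Third-party action references not pinned to a full 40-hex commit SHA.

    Tags and branches (@v4, @main) can be moved by whoever controls the upstream
    repository; a commit SHA cannot. Local (./...) and docker:// refs are skipped.
    """
    unpinned: List[str] = []
    for match in USES_RE.finditer(workflow_yaml):
        ref = match.group(1).strip("\"'")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if not FULL_SHA_RE.search(ref):
            unpinned.append(ref)
    return unpinned


# Constructed sample inputs (not real Trivy release data or Trivy's workflow).
# The checksum line is computed here only because the binary is a stand-in; in
# real use the checksum file must come from a source independent of the download.
SAMPLE_BINARY = b"\x7fELF constructed stand-in for a scanner binary\n"
SAMPLE_CHECKSUMS = f"{sha256_hex(SAMPLE_BINARY)}  scanner_1.0.0_Linux-64bit.tar.gz\n"
SAMPLE_WORKFLOW = """\
name: release
on:
  push:
    tags: ['v*']
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-build
      - name: Publish
        uses: some-org/release-action@main  # floating branch ref
"""

if __name__ == "__main__":
    table = parse_checksums(SAMPLE_CHECKSUMS)
    name = "scanner_1.0.0_Linux-64bit.tar.gz"
    print("binary ok:  ", verify_artifact(name, SAMPLE_BINARY, table))
    print("tampered ok:", verify_artifact(name, SAMPLE_BINARY + b"x", table))
    print("unpinned:   ", find_unpinned_actions(SAMPLE_WORKFLOW))
```

A digest check only proves the download matches what the checksum file says; it does not prove the release itself was built from clean sources, which is why the pipeline check and the signature and reproducible-build measures listed later in this article belong alongside it.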
Strategic actions (30-90 days):
- Segment management infrastructure. Endpoint management servers, vulnerability scanners, SIEM collectors, and other security tools should reside on isolated management VLANs with strict access controls, not alongside general server workloads.
- Implement zero-trust for security tools. Apply the same authentication, authorization, and monitoring rigor to your security stack as you do to production systems. Pre-authentication bypasses like CVE-2026-35616 succeed precisely because many organizations assume their security tools are inherently trusted.
- Verify software supply chains. For open-source security tools, implement signature verification, reproducible builds, and SBOM tracking. The Trivy compromise succeeded because organizations implicitly trusted the tool’s update pipeline.
- Monitor for post-exploitation indicators. If FortiClient EMS was exposed before patching, assume compromise and investigate. Look for unusual API calls, new administrative accounts, or unexpected policy changes in your endpoint fleet.
Frequently Asked Questions
What is CVE-2026-35616 and why is it critical?
CVE-2026-35616 is a pre-authentication access control bypass in Fortinet’s FortiClient Endpoint Management Server with a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary code on the server without any credentials or user interaction. Because FortiClient EMS manages security policies and configurations for all endpoints in an organization, a single compromised server can give attackers control over the entire managed device fleet.
How are the FortiClient EMS zero-day and the Trivy breach connected?
While the two incidents involve different vendors and different attack vectors, they represent the same strategic pattern: adversaries targeting security and management infrastructure rather than business applications. The FortiClient EMS zero-day exploits a flaw in an endpoint management server, while the Trivy breach weaponized a vulnerability scanner’s CI/CD pipeline. Both demonstrate that security tools themselves have become high-value targets because they hold privileged access to the environments they protect.
What should organizations do if their FortiClient EMS was internet-exposed before the patch?
If your FortiClient EMS was publicly accessible before the April 4 hotfix, assume compromise and launch an investigation. Check for unusual API calls, newly created administrative accounts, unexpected policy changes across managed endpoints, and any lateral movement indicators. Fortinet and security researchers recommend treating any pre-patch exposure as a potential breach, given that exploitation was recorded as early as March 31 by watchTowr’s honeypot network.
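The "monitor for post-exploitation indicators" action above and this FAQ answer both describe the same hunt: management API calls from outside trusted ranges, successful management requests with no authenticated user, and newly created administrative accounts. The block below is an added example of that detection logic, not Fortinet's code and not its log format: it runs over constructed key=value log lines, uses a placeholder management path prefix (/api/admin/), treats user=- as an unauthenticated request, and takes 10.0.0.0/8 and 192.168.0.0/16 as the organization's trusted management networks; the external source addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges. The same trusted-range check is what an exposure audit of the administrative interface reduces to.

```python
# Added example, not Fortinet's code or log format: a small detector for the
# post-exploitation indicators the article lists, run over constructed
# key=value log lines. Assumptions: the management API lives under the
# placeholder prefix /api/admin/, unauthenticated requests log user=-, and the
# trusted ranges below are this organization's own management networks.
import ipaddress
import re
from typing import Dict, List, Tuple

TRUSTED_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
ADMIN_PREFIX = "/api/admin/"   # placeholder, not a real product path
KV_RE = re.compile(r"(\w+)=(\S+)")

Finding = Tuple[str, str]      # (indicator name, offending log line)


def parse_line(line: str) -> Dict[str, str]:
    """Split a 'key=value key=value' line into a dict; tokens without '=' are ignored."""
    return dict(KV_RE.findall(line))


def is_trusted(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False   # missing or malformed source is never trusted
    return any(addr in net for net in TRUSTED_RANGES)


def analyse(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        fields = parse_line(line)
        # Audit event: a new administrative account is an indicator on its own.
        if fields.get("event") == "admin_account_created":
            findings.append(("admin_account_created", line))
            continue
        path = fields.get("path", "")
        if not path.startswith(ADMIN_PREFIX):
            continue
        # Management request from outside the trusted ranges.
        if not is_trusted(fields.get("src", "")):
            findings.append(("external_admin_access", line))
        # Management request that succeeded without an authenticated principal.
        if fields.get("user", "-") == "-" and fields.get("status", "").startswith("2"):
            findings.append(("unauthenticated_admin_success", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample log lines; the format is invented for this example.
SAMPLE_LOG = [
    "2026-04-02T03:14:07Z src=10.20.5.4 user=ems-admin method=GET path=/api/admin/status status=200",
    "2026-04-02T03:14:09Z src=203.0.113.9 user=- method=POST path=/api/admin/policies status=200",
    "2026-04-02T03:14:12Z src=203.0.113.9 user=- method=POST path=/api/admin/accounts status=201",
    "2026-04-02T03:14:15Z src=10.20.5.4 user=ems-admin method=GET path=/api/agents status=200",
    "2026-04-02T03:14:20Z src=198.51.100.7 user=- method=GET path=/login status=401",
    "2026-04-02T03:15:00Z event=admin_account_created actor=- target=svc-maint",
]

if __name__ == "__main__":
    for kind, line in analyse(SAMPLE_LOG):
        print(f"[{kind}] {line}")
    print(summarize(analyse(SAMPLE_LOG)))
```

Because unauthenticated_admin_success is the signature of a pre-authentication bypass, a hit on it from before the hotfix date is the finding that turns "possibly exposed" into "assume compromise" in the sense the article uses.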
Sources & Further Reading
- Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS — The Hacker News
- FortiClient EMS Zero-Day Exploited, Emergency Hotfixes Available — Help Net Security
- 2,000+ FortiClient EMS Instances Exposed Online Amid Active Exploits — Cybersecurity News
- New FortiClient EMS Flaw Exploited in Attacks — BleepingComputer
- European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack — SecurityWeek
- CERT-EU Blog: European Commission Cloud Breach — A Supply-Chain Compromise
- CISA Urges Endpoint Management System Hardening After Cyberattack — CISA
- Trivy Compromised by TeamPCP — Wiz Blog
- Fortinet FortiClient EMS Advisory FG-IR-26-099 — FortiGuard Labs