Fortinet FortiClientEMS versions 7.4.5 and 7.4.6 are affected by a critical unauthenticated remote code execution vulnerability (CVE-2026-35616, CVSS 9.8) that is actively exploited and listed in the CISA KEV catalog. Attackers require only network access to execute arbitrary commands on the EMS server, with no credentials needed, creating a high-value pivot point to all managed endpoints. Immediate action is required: restrict network access to the EMS management interface, apply Fortinet’s emergency patch, and treat any affected unpatched server as potentially compromised.