CVE-2026-35616 in Fortinet FortiClient EMS is under active exploitation with an EPSS score at the 90.6th percentile, but carries significant data quality caveats: no CVSS score is available from NVD (the 0.0 value reflects an unscored state, not low severity), affected version ranges are unconfirmed, and a second related CVE referenced in reporting has not been confirmed from primary sources. Fortinet has issued an emergency hotfix with a full patch still pending, meaning risk is not fully resolved post-hotfix. Organizations should apply the emergency hotfix immediately via the Fortinet support portal, restrict EMS management interface access to trusted network segments, and plan a follow-on maintenance window for the full patch within 72 hours of its availability; all technical specifics should be validated against Fortinet PSIRT before acting.