Fortinet FortiClient EMS is affected by two CVE records — CVE-2026-35616 (CVSS 9.8, CISA KEV, priority 0.85) and CVE-2026-21643 (CVSS 9.0, priority 0.45) — both referencing active zero-day exploitation of the same product; Fortinet PSIRT clarification is required to determine whether these represent a single vulnerability with dual assignment or two distinct flaws. Both records confirm unauthenticated remote exploitation enabling full system compromise of the EMS management server, with potential downstream impact to all managed endpoints. Emergency action is required: restrict network access to EMS management interfaces immediately and apply Fortinet’s emergency hotfix following the official PSIRT advisory for confirmed affected version ranges.