Fortinet FortiClient EMS, the centralized management server for FortiClient endpoint deployments, is affected by two critical zero-day vulnerabilities (CVE-2026-35616) that are confirmed actively exploited in the wild, with EPSS at the 96th percentile and an emergency hotfix issued while a full patch remains pending. Specific vulnerability classes, affected version ranges, and CVSS scoring are not yet published by NVD; the Fortinet PSIRT advisory must be consulted directly for authoritative technical details and hotfix package information. Organizations should apply the emergency hotfix immediately, restrict FortiClient EMS network access to trusted management hosts only if hotfix deployment is delayed, and review EMS audit logs and EDR telemetry on the EMS host for signs of unauthorized policy changes or account creation.