CVE-2026-35616 in FortiClient EMS is under active exploitation with the EKZ infostealer being delivered as a trojanized Fortinet patch. The EPSS score sits at the 97th percentile, multiple independent vendors have corroborated active exploitation, and the social engineering delivery layer significantly increases infection probability among administrators. This is the highest operational urgency item in this rollup despite not yet appearing on CISA KEV.