Active Exploitation of Critical Vulnerability in FortiClient EMS
6 April 2026
Fortinet has released security updates to address a critical security vulnerability in FortiClient EMS. Users and administrators of affected versions are advised to install the hotfix immediately and to update to the latest version once it is available.
Background
Fortinet has released security updates to address a critical improper access control vulnerability (CVE-2026-35616) affecting FortiClient EMS.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute unauthorised code or commands via crafted requests, potentially resulting in a full compromise of the FortiClient EMS server.
Known Exploitation
This vulnerability is reportedly being exploited in the wild.
Affected Products
This vulnerability affects FortiClient EMS versions 7.4.5 through 7.4.6.
Mitigation
Users and administrators of affected products are advised to install the hotfix by following the instructions provided in Fortinet’s advisory, and to update to the latest version once it is available.
References
https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html
