Critical Authentication Bypass Zero‑Day (CVE‑2026‑35616) in FortiClient Threatens Enterprise Endpoints
What It Is — Fortinet disclosed an authentication‑bypass vulnerability (CVE‑2026‑35616) in its FortiClient endpoint protection and VPN software. The flaw allows an unauthenticated attacker to bypass login controls and gain full client privileges. Exploitability — Active exploitation has been observed in the wild; a proof‑of‑concept is publicly available. The CVSS v3.1 base score is 9.8 (Critical).
Affected Products — FortiClient 7.x (Windows, macOS, Linux) and any integrated FortiOS VPN deployments.
TPRM Impact — FortiClient is a common third‑party security layer for many SaaS and on‑premise environments. A breach could cascade to partner networks, expose credential stores, and undermine the security posture of downstream vendors.
Recommended Actions –
- Deploy Fortinet’s emergency patch immediately on all FortiClient installations.
- Enforce multi‑factor authentication for VPN access pending full remediation.
- Conduct a rapid inventory of all assets using FortiClient and verify patch compliance.
- Review logs for anomalous authentication attempts during the window of vulnerability exposure.
- Update third‑party risk registers to reflect the elevated supply‑chain risk from FortiClient.
Source: Dark Reading