Monday, April 6, 2026

CISA Adds FortiGuard Vulnerability to KEV Catalog – 4-6-26

Today, CISA announced that it had added an improper access control vulnerability in the FortiGuard FortiClient EMS to their Known Exploited Vulnerabilities Catalog. The vulnerability was disclosed by FortiGuard on April 4th, 2026. FortiGuard reported in their advisory that the vulnerability was being exploited in the wild. The vulnerability was initially reported to FortiGuard by Simo Kohonen from Defused and Nguyen Duc Anh.

CISA has ordered Federal Agencies using the affected product to: “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of April 9th, 2026, has been established.
