Let us handle IT so you can focus on growing your business.
Empower your IT team with scalable co-managed support.
Get multichannel 24/7/365 expert end-user support.
Protect, detect, and respond—Dataprise keeps your business secure.
Maximize uptime with with industry-leading DRaaS.
Swiftly mitigate cyber threats and restore security.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Keep production running with secure, always-on IT.
Accelerate PE client deals and secure data.
Empower Your Municipality with Secure, Reliable IT Services
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Grow through acquisition and partnership with Dataprise.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Explore our trusted partnerships with leading tech innovators.
Defense Digests
Table of content
Vulnerability Number: CVE‑2026‑35616
Severity Level: Critical
Fortinet has disclosed an improper access control flaw in FortiClient EMS versions 7.4.5 through 7.4.6 that allows an unauthenticated attacker to execute unauthorized code or commands via crafted requests. The vulnerability is rated CVSS 3.1 9.8 (Critical) and appears in CISA’s Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of 9 April 2026.
Technical description: A missing access‑control check in FortiClient EMS permits crafted network requests to bypass authentication, granting the attacker code execution privileges on the affected endpoint.
CWE: CWE‑284 Improper Access Control
CVSS: Base score 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (CVSS 3.1).
Affected versions: FortiClient EMS 7.4.5 and 7.4.6; later releases contain the fix.
Vendor advisory: FortiGuard security advisory FG‑IR‑26‑099 (https://fortiguard.fortinet.com/psirt/FG-IR-26-099).
Public exposure: Listed in CISA’s KEV catalog on 6 April 2026; due date for mitigation is 9 April 2026.
Exploitation grants an unauthenticated attacker the ability to run arbitrary code on managed endpoints, potentially leading to full system compromise, lateral movement within corporate networks, and use of the compromised host in ransomware or other malicious campaigns.
1. Apply the FortiGuard patch referenced in advisory FG‑IR‑26‑099 immediately.
2. Verify that all FortiClient EMS deployments are upgraded beyond version 7.4.6; retire any unpatched installations.
3. Follow CISA guidance: implement BOD 22‑01 recommendations, review the “Hunt & Hardening Guidance for Fortinet Products,” and meet the KEV due date of 9 April 2026.
4. Conduct an inventory of all FortiClient EMS assets using automated discovery tools and confirm remediation status before the deadline.
5. Enable logging and monitor network traffic for anomalous FortiClient‑related requests that may indicate exploitation attempts.
IMPORTANT NOTE: Deviation from CISA’s prescribed steps may invalidate compliance reporting and could trigger additional enforcement actions.
Dallas Myers: Director, Cybersecurity Services & R&D, Dataprise
INSIGHTS
Subscribe to get real-time notifications when a new Dataprise Defense Digest is published.