Two FortiClient EMS Zero-Days in Two Weeks: Why Your Endpoint Management Server Is the Target
·1599 words·8 mins
Two critical unauthenticated vulnerabilities in Fortinet’s FortiClient EMS were actively exploited within weeks of each other in March and April 2026. Attackers timed the latest zero-day for Easter weekend. FortiClient EMS manages security policies, VPN configurations, and compliance controls across entire endpoint fleets, making it one of the highest-value targets in an enterprise environment.