AI & TechBusinessCybersecurityNewswireTechnology

Infostealer Hits Enterprise Devices via FortiClient EMS Flaw

Originally published on: May 30, 2026
▼ Summary

– Attackers exploit CVE-2026-35616 in FortiClient EMS to deliver a broad-spectrum infostealer to enterprise computers.
– The malicious payload is disguised as a legitimate Fortinet endpoint update to evade detection.

Attackers are actively exploiting a known vulnerability in FortiClient Enterprise Management Server (EMS) , tracked as CVE-2026-35616 , to deliver a broad-spectrum infostealer directly to enterprise devices. The malicious payload masquerades as a legitimate Fortinet endpoint update, tricking systems into executing the malware.

According to security researchers, the attack chain begins when the FortiClient EMS flaw is leveraged to bypass authentication and inject a fake update package. Once installed, the infostealer harvests credentials, browser data, cryptocurrency wallets, and other sensitive information from infected machines. The malware is designed to exfiltrate data silently, making detection difficult for standard endpoint defenses.

“The [malicious] payload was presented as a Fortinet endpoint update and executed without raising suspicion,” one researcher noted. The campaign appears to target enterprise environments where FortiClient EMS is commonly deployed for centralized endpoint management. Organizations running unpatched versions of the software are at heightened risk.

This incident underscores the critical importance of prompt patch management for enterprise software. Fortinet released a security update for CVE-2026-35616 in early 2026, but many organizations have yet to apply it. Attackers are now actively scanning for vulnerable EMS servers to distribute the infostealer at scale.

Security teams are urged to verify that all FortiClient EMS instances are updated to the latest version and to monitor for unusual update requests or unexpected endpoint behavior. The infostealer’s broad data collection capabilities make it a significant threat to corporate networks, potentially enabling further attacks like credential theft, lateral movement, and data breaches.

(Source: Help Net Security)

Topics

infostealer malware 95% cve-2026-35616 exploit 94% forticlient ems 93% enterprise security 90% malicious payload 88% software vulnerabilities 86% cyber attack methods 84% fortinet products 82% endpoint security 80% data theft 78%