## https://sploitus.com/exploit?id=C48FE499-4A7F-5666-9DDE-5C9B1900D127
# CVE-2026-35616 - FortiClient EMS Vulnerability Detector
[](https://www.python.org/downloads/)
[](LICENSE)
## Description
This tool detects if a FortiClient EMS server is vulnerable to **CVE-2026-35616**, a critical improper access control vulnerability affecting versions **7.4.5 through 7.4.6**.
**CVSS Score:** 9.1 (Critical)
**CWE:** CWE-284 (Improper Access Control)
**Status:** Actively exploited in the wild [citation:3][citation:7]
The vulnerability allows an **unauthenticated attacker** to access protected API endpoints and potentially execute arbitrary commands on the server [citation:4][citation:6].
## How It Works
The detector sends unauthenticated GET requests to known sensitive API endpoints. If any endpoint returns `200 OK` instead of `401 Unauthorized` or `403 Forbidden`, the system is **VULNERABLE**.
## Requirements
- Python 3.6+
- `requests` library
## Installation
```bash
git clone https://github.com/YOURUSERNAME/CVE-2026-35616-Detector
cd CVE-2026-35616-Detector
pip install -r requirements.txt