Share
## https://sploitus.com/exploit?id=C48FE499-4A7F-5666-9DDE-5C9B1900D127
# CVE-2026-35616 - FortiClient EMS Vulnerability Detector

[![Python 3.6+](https://img.shields.io/badge/python-3.6+-blue.svg)](https://www.python.org/downloads/)
[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)

## Description

This tool detects if a FortiClient EMS server is vulnerable to **CVE-2026-35616**, a critical improper access control vulnerability affecting versions **7.4.5 through 7.4.6**.

**CVSS Score:** 9.1 (Critical)  
**CWE:** CWE-284 (Improper Access Control)  
**Status:** Actively exploited in the wild [citation:3][citation:7]

The vulnerability allows an **unauthenticated attacker** to access protected API endpoints and potentially execute arbitrary commands on the server [citation:4][citation:6].

## How It Works

The detector sends unauthenticated GET requests to known sensitive API endpoints. If any endpoint returns `200 OK` instead of `401 Unauthorized` or `403 Forbidden`, the system is **VULNERABLE**.

## Requirements

- Python 3.6+
- `requests` library

## Installation

```bash
git clone https://github.com/YOURUSERNAME/CVE-2026-35616-Detector
cd CVE-2026-35616-Detector
pip install -r requirements.txt