FortiClient
Fortinet
Actively exploited vulnerabilities
The US cybersecurity agency CISA lists these vulnerabilities in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.
- CVE-2023-48788Fortinet FortiClient EMS SQL Injection VulnerabilityRansomware
- CVE-2026-35616Fortinet FortiClient EMS Improper Access Control Vulnerability
- CVE-2026-21643Fortinet FortiClient EMS SQL Injection Vulnerability
Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.
FortiClient at a glance
FortiClient is Fortinet's endpoint agent for VPN, endpoint protection and fabric integration, deployed on user devices. Fortinet ships regular FortiClient releases plus security advisories; as exposed VPN/endpoint software, timely updates matter.
For admins the priorities are keeping the agent current and its configuration secure. FortiClient connects to the corporate network (VPN) and integrates with the Fortinet fabric, so security fixes should be applied promptly — and its compatibility with the FortiGate/EMS side should be kept in step (check the matrix). Roll it out and update it through EMS or software distribution. Older versions on personal or rarely-used devices are the classic weak spot — enforce a minimum version. Subscribe to Fortinet's PSIRT advisories; patchletter surfaces new FortiClient releases.
Release history · as detected by patchletter
No releases recorded yet — the source was just added.
Never miss a FortiClient update
We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.
Watch FortiClient