Fortinet customers confront actively exploited zero-day, with a full patch still pending | CyberScoop<\/title> <meta name=\"description\" content=\"Two critical defects in FortiClient EMS have been exploited in the past couple weeks. Experts push for users to apply an immediate hotfix.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Fortinet customers confront actively exploited zero-day, with a full patch still pending\"> <meta property=\"og:description\" content=\"Two critical defects in FortiClient EMS have been exploited in the past couple weeks. Experts push for users to apply an immediate hotfix.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-06T21:12:01+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-06T21:12:04+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg\"> <meta property=\"og:image:width\" content=\"4000\"> <meta property=\"og:image:height\" content=\"2667\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1775074092g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88501\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88501\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88501 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.457175925926\">\n<div class=\"single-article__header-content\" readability=\"34.532374100719\">\n<p> Two critical defects in FortiClient EMS have been exploited in the past couple weeks. Experts push for users to apply an immediate hotfix. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88501\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg 4000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=2048,1366 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"35.388280394304\"><body readability=\"72.405079365079\"><\/p>\n<p>Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices.<\/p>\n<p>The zero-day vulnerability \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-35616\">CVE-2026-35616<\/a> \u2014 has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?f%5B0%5D=vendor_project%3A813\">known exploited vulnerability catalog<\/a> Monday. <\/p>\n<p>Fortinet said in a Saturday <a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-26-099\">security advisory<\/a> that it has seen the vulnerability being actively exploited in the wild. The company issued a hotfix and plans to release a more comprehensive software update later, though that update is not yet available.<\/p>\n<p>The security vendor did not say when the earliest known exploit occurred nor how many instances have already been impacted. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Unknown attackers were first observed attempting to exploit the vulnerability March 31, Benjamin Harris, founder and CEO at watchTowr, told CyberScoop. <\/p>\n<p>\u201cExploitation attempts and probes were initially limited, reflecting typical attacker desire to try and keep usage of a zero-day from discovery and observation,\u201d he added. \u201cAs of April 6, given attention and Fortinet issuing a hotfix, exploitation has ramped up, indicating growing attacker interest and likely broader targeting.\u201d<\/p>\n<p>Shadowserver scans found nearly <a href=\"https:\/\/dashboard.shadowserver.org\/statistics\/iot-devices\/time-series\/?date_range=30&vendor=fortinet&model=forticlient+enterprise+management+server+%28ems%29&dataset=count&limit=100&group_by=geo&stacking=stacked&auto_update=on\">2,000 publicly exposed instances<\/a> of FortiClient EMS on Sunday. It\u2019s unclear how many of those instances are running vulnerable versions of the software.<\/p>\n<p>The recently discovered zero-day shares similarities with <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-21643\">CVE-2026-21643<\/a>, another unauthenticated FortiClient EMS defect that <a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-1142\">Fortinet disclosed<\/a> Feb. 6. The vendor and <a href=\"https:\/\/ccb.belgium.be\/advisories\/warning-forticlient-ems-sql-injection-cve-2026-21643-patch-immediately\">cyber authorities<\/a> last week warned that CVE-2026-21643 has been exploited in the wild. <\/p>\n<p>Researchers have yet to find any significant link between the vulnerabilities or attribute the attacks to known threat actors, but both defects were actively exploited in a short timeframe and both allow attackers to execute code remotely. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cFortinet solutions are popular targets for threat actors generally, so exploitation isn\u2019t necessarily surprising,\u201d said Caitlin Condon, vice president of security research at VulnCheck.<\/p>\n<p>CISA has added 10 Fortinet defects to its known exploited vulnerabilities catalog since early 2025. <\/p>\n<p>While there is no full patch for CVE-2026-35616, Harris credited Fortinet for rushing out a hotfix over a holiday weekend, adding that it reflects how urgently the company is treating the matter. <\/p>\n<p>\u201cThe timing of the ramp-up of in-the-wild exploitation of this zero-day is likely not coincidental,\u201d he said. \u201cAttackers have shown repeatedly that holiday weekends are the best time to move. Security teams are at half strength, on-call engineers are distracted, and the window between compromise and detection stretches from hours to days. Easter, like any other holiday, represents opportunity.\u201d<\/p>\n<p>A Fortinet spokesperson said response and remediation efforts are ongoing and the company is communicating directly with customers to advise on necessary actions.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe best time to apply the hotfix was yesterday,\u201d Harris said. \u201cThe second-best time is right now.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5838323353293\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet customers confront actively exploited zero-day, with a full patch<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,5063,917,823,256,2880,288,4136,643,5199,1544,5292],"tags":[86,5064,921,827,262,2882,294,4140,645,5200,1545,5296],"class_list":["post-8505","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-endpoint-security","category-fortinet","category-patching","category-research","category-shadowserver","category-threats","category-vulncheck","category-vulnerabilities","category-watchtowr","category-zero-day","category-zero-day-exploit","tag-cybersecurity","tag-endpoint-security","tag-fortinet","tag-patching","tag-research","tag-shadowserver","tag-threats","tag-vulncheck","tag-vulnerabilities","tag-watchtowr","tag-zero-day","tag-zero-day-exploit"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/endpoint-security\/\" rel=\"category tag\">endpoint security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patching\/\" rel=\"category tag\">Patching<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shadowserver\/\" rel=\"category tag\">Shadowserver<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr\/\" rel=\"category tag\">watchTowr<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day\/\" rel=\"category tag\">Zero-day<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day-exploit\/\" rel=\"category tag\">zero-day exploit<\/a>","tag_info":"zero-day exploit","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8505"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8505\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8505,"date":"2026-04-06T16:12:01","date_gmt":"2026-04-06T21:12:01","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88501"},"modified":"2026-04-06T16:12:01","modified_gmt":"2026-04-06T21:12:01","slug":"fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/06\/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending\/","title":{"rendered":"Fortinet customers confront actively exploited zero-day, with a full patch still pending"},"content":{"rendered":"