The global threat landscape has shifted into high gear this week as two pillars of enterprise infrastructure, Fortinet and Google Chrome, face a barrage of active zero-day exploitations. From the management planes of corporate networks to the browsers on every desktop, attackers are leveraging unpatched flaws to bypass authentication and achieve remote code execution (RCE).
For the Hacklido community, this is a "drop everything" moment. Here is the technical breakdown of the threats currently in the wild.
1. Fortinet EMS: The API Bypass (CVE-2026-35616)
The most severe threat currently facing network administrators is CVE-2026-35616, a critical vulnerability in FortiClient Endpoint Management Server (EMS). With a near-perfect CVSS score of 9.8, this flaw is a direct ticket to the heart of an organization's endpoint security.
- The Vulnerability: An improper access control flaw in the FortiClient EMS API allows an unauthenticated, remote attacker to bypass authentication checks.
- The Impact: By sending a specially crafted HTTP request, an attacker can execute arbitrary code or commands on the EMS server. Since the EMS manages security policies for every connected device in the company, a compromise here allows an attacker to disable endpoint protections globally or deploy ransomware across the entire network.
- Active Status: CISA has already added this to its Known Exploited Vulnerabilities (KEV) catalog. Intelligence suggests roughly 2,000 internet-exposed instances are currently vulnerable.
Immediate Action: If you are running FortiClient EMS 7.4.5 or 7.4.6, apply the emergency hotfix immediately or upgrade to 7.4.7.
2. Google Chrome: The WebGPU "Dawn" Zero-Day (CVE-2026-5281)
On the desktop front, Google has rushed out a patch for its fourth actively exploited zero-day of 2026. This high-severity flaw, tracked as CVE-2026-5281, targets Dawn, the open-source implementation of the WebGPU standard.
- The Exploit: This is a use-after-free bug. An attacker can trigger it by tricking a user into visiting a maliciously crafted website.
- The Goal: If successful, the attacker can break out of the browser's renderer process and execute arbitrary code on the victim's machine.
- The Frequency: The fact that this is the fourth zero-day since January underscores the intense pressure browser engines are under as AI-driven discovery tools (like Anthropic Mythos) begin to map complex browser internals at scale.
Immediate Action: Update Chrome to version 146.0.7680.178 (or higher) on Windows and macOS. Chromium-based browsers like Edge, Brave, and Opera are also affected.
3. Adobe Acrobat: The "Russian Lure" (CVE-2026-34621)
Not to be outdone, Adobe has released an emergency out-of-band patch for Acrobat and Reader to address CVE-2026-34621.
- The Campaign: This zero-day has been circulating since at least November 2025. It gained the "Russian Lure" moniker because attackers have been using Russian-language PDFs—specifically targeting the oil and gas sector—to deliver the payload.
- The Logic: The flaw involves prototype pollution in the JavaScript engine, allowing for RCE simply by opening a PDF.
- Priority: Adobe has labeled this as Priority 1. Ensure you are on version 26.001.21411 or later.
Technical Tip: For the Fortinet flaw, check your logs for unusual HTTP requests targeting the EMS API endpoints. If your EMS is internet-facing, consider restricting access to known management IPs via a firewall until the patch is verified.
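As an added example (not part of the original post), here is a small Python triage script that applies the tip above to a few constructed access-log lines: it flags API requests that arrive with no authenticated user from outside an assumed management allowlist, and notes whether the server answered 2xx. The /api/ prefix, the 10.0.5.0/24 management range and the log lines are assumptions, not real EMS paths or data.

```python
import ipaddress
import re

# Constructed sample access-log lines (combined log format) from an EMS host.
# Paths under /api/ are placeholders, not real FortiClient EMS endpoint names.
SAMPLE_LOG = """\
10.0.5.12 - admin [14/Apr/2026:09:12:01 +0000] "GET /api/v1/endpoints HTTP/1.1" 200 5120
10.0.5.12 - admin [14/Apr/2026:09:12:05 +0000] "POST /api/v1/policies HTTP/1.1" 200 310
203.0.113.77 - - [14/Apr/2026:09:13:44 +0000] "POST /api/v1/policies HTTP/1.1" 200 310
203.0.113.77 - - [14/Apr/2026:09:13:45 +0000] "POST /api/v1/policies HTTP/1.1" 401 87
198.51.100.9 - - [14/Apr/2026:09:14:02 +0000] "GET /login HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumed: the management network that should be the only source of API calls.
MGMT_NETS = [ipaddress.ip_network("10.0.5.0/24")]
# Assumed: URL prefix under which the EMS API is served on this deployment.
API_PREFIX = "/api/"


def parse_line(line):
    """Split one access-log line into fields; None if the line is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_management_ip(ip):
    return any(ipaddress.ip_address(ip) in net for net in MGMT_NETS)


def suspicious_api_requests(log_text):
    """API requests with no authenticated user ('-') from outside the management
    allowlist. A 2xx answer to such a request is the strongest signal: a working
    auth bypass responds as though the caller had logged in."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(API_PREFIX):
            continue
        if rec["user"] == "-" and not is_management_ip(rec["ip"]):
            rec["success"] = rec["status"].startswith("2")
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in suspicious_api_requests(SAMPLE_LOG):
        verdict = "SUCCEEDED" if h["success"] else "rejected"
        print(f'{h["ip"]} {h["method"]} {h["path"]} -> {h["status"]} ({verdict})')
```

Point it at your real access log and replace the allowlist and prefix with your own values; a 2xx hit from an unknown source is the line to escalate first.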