The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet FortiClient EMS vulnerability to its Known Exploited Vulnerabilities catalog after detecting active exploitation by malicious actors. Federal civilian agencies are required to patch the flaw under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize remediation of the vulnerability as part of their vulnerability management practices.