CVE Tools
Back to feed
Daily CyberSecurity (securityonline.info) ·EN News source Patch releasedADSelfService PlusRecovery Manager PlusM365 Manager Plus

ManageEngine Account Takeover Flaw CVE-2026-11374

·2 min read
CVE Tools coverage

Zoho disclosed a critical account takeover weakness, CVE-2026-11374 (CVSS 9.0), in zohocorp manageengine_adselfservice_plus when deployed as part of ManageEngine AD360. The flaw allows unauthenticated attackers to predict SSO tickets, letting them obtain user identity/role information and take over targeted accounts. Organizations using affected builds—6528 or earlier, 6320 or earlier, 4816 or earlier, and 8702 or earlier—should upgrade to 6529, 6321, 4817, and 8703 immediately, as exploitation has not been confirmed in the wild.