ManageEngine AD360 Flaw Lets Unauthenticated Attackers Take Over User Accounts
ID: a9ad6c00-b813-5829-a90c-c573b8ce8bca
STIX ID: report--a9ad6c00-b813-5829-a90c-c573b8ce8bca
Feed Name: Cyber Press
Threat Score
A high-severity SSO ticket-prediction vulnerability (CVE-2026-11374) in ManageEngine AD360 components enables unauthenticated attackers to predict Single Sign-On tickets and fully takeover user accounts across ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus; ManageEngine released fixes in June 2026 and organizations are advised to apply updates immediately and audit SSO session logs.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
