logo

ManageEngine AD360 Flaw Lets Unauthenticated Attackers Take Over User Accounts

ID: a9ad6c00-b813-5829-a90c-c573b8ce8bca

STIX ID: report--a9ad6c00-b813-5829-a90c-c573b8ce8bca

Feed Name: Cyber Press

Threat Score
75/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

Author: Lucas Martin

...
...

A high-severity SSO ticket-prediction vulnerability (CVE-2026-11374) in ManageEngine AD360 components enables unauthenticated attackers to predict Single Sign-On tickets and fully takeover user accounts across ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus; ManageEngine released fixes in June 2026 and organizations are advised to apply updates immediately and audit SSO session logs.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.