logo

ManageEngine Account Takeover Flaw CVE-2026-11374

ID: 2d4f2ae8-9ea2-5e95-90cd-f7c6ca7f5d6f

STIX ID: report--2d4f2ae8-9ea2-5e95-90cd-f7c6ca7f5d6f

Feed Name: securityonline.info

Threat Score
72/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

Author: Do Son

...
...

**CVE-2026-11374 – ManageEngine AD360 SSO ticket predictability:** A critical (CVSS 9.0) vulnerability in ADSelfService Plus, Recovery Manager Plus, M365 Manager Plus, and ADAudit Plus allows unauthenticated attackers to predict SSO tickets and perform full account takeover; vendors released patched builds (6529, 6321, 4817, 8703) and no active exploitation has been confirmed.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.