ManageEngine Account Takeover Flaw CVE-2026-11374
ID: 2d4f2ae8-9ea2-5e95-90cd-f7c6ca7f5d6f
STIX ID: report--2d4f2ae8-9ea2-5e95-90cd-f7c6ca7f5d6f
Feed Name: securityonline.info
Threat Score
**CVE-2026-11374 – ManageEngine AD360 SSO ticket predictability:** A critical (CVSS 9.0) vulnerability in ADSelfService Plus, Recovery Manager Plus, M365 Manager Plus, and ADAudit Plus allows unauthenticated attackers to predict SSO tickets and perform full account takeover; vendors released patched builds (6529, 6321, 4817, 8703) and no active exploitation has been confirmed.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
