CVE-2026-11374
Account Takeover via Predictable SSO Ticket Generation
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted
by an unauthenticated user, leading to account takeover.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
zohocorp · manageengine_adaudit_pluszohocorp · manageengine_adselfservice_pluszohocorp · manageengine_m365_manager_pluszohocorp · manageengine_recovery_manager_plusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →