CVE-2026-2740

Remote Code Execution

CVSS 8.4 HIGHEPSS 1.7%CWE-77

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Affected products

Zohocorp · ManageEngine ADSelfService Plus Zohocorp · ManageEngine DataSecurity Plus Zohocorp · ManageEngine RecoveryManager Plus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-2740.html