PatchSiren cyber security CVE debrief
CVE-2026-11374 zohocorp CVE debrief
CVE-2026-11374 is a critical vulnerability in ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows an unauthenticated user to predict SSO tickets, potentially leading to account takeover. The vulnerability has a CVSS score of 9 and is considered critical. ManageEngine has released an advisory for this vulnerability. Users of these products should review their configurations and apply patches as available.
- Vendor: zohocorp
- Product: manageengine_adselfservice_plus
- CVSS: CRITICAL 9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-24
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-24
Who should care
Organizations using ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, or ADAudit Plus should prioritize patching this vulnerability. The ability to predict SSO tickets could allow attackers to gain unauthorized access to accounts. Therefore, administrators of these products should assess their exposure and apply necessary patches or mitigations.
Technical summary
CVE-2026-11374 is a vulnerability in the SSO ticket generation process of ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. An unauthenticated user can predict SSO tickets, which could lead to account takeover. The vulnerability has the CVSS:3.1 vector AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H: it is exploitable over the network without user interaction or prior authentication, although the attack complexity is rated high, and a successful exploit has a scope-changing impact on confidentiality, integrity, and availability. CWE-287, CWE-330, and CWE-340 are associated with this vulnerability, relating to improper authentication, use of insufficiently random values, and use of a potentially dangerous function, respectively.
Defensive priority
High priority should be given to patching CVE-2026-11374 due to its critical CVSS score of 9 and the potential for account takeover. Organizations should verify their product versions and apply patches as soon as available.
Recommended defensive actions
- Review and apply patches for ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus.
- Verify configurations and ensure that all instances of these products are updated to a patched version.
- Monitor for any suspicious activity related to SSO ticket generation and account access attempts.
- Consider implementing additional security measures such as multi-factor authentication to mitigate the risk of account takeover.
- Review user accounts and access controls to ensure that they are properly configured and that there are no unauthorized access permissions.
Evidence notes
The CVE-2026-11374 entry in the National Vulnerability Database (NVD) and the CVE.org record provide official details about the vulnerability. ManageEngine has released an advisory for this issue, which can be found on their website. The vulnerability's critical CVSS score and potential for account takeover emphasize the need for prompt patching.
Official resources
- CVE-2026-11374 CVE record (CVE.org)
- CVE-2026-11374 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 0fc0942c-577d-436f-ae8e-945763c79b02
This article is AI-assisted and based on the supplied source corpus.