CVE-2026-11374

CRITICAL 9.0

Account Takeover via Predictable SSO Ticket Generation

CVSS Score

9.0

EPSS Score

0.0%

EPSS Percentile

0th

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

CWE	CWE-340 CWE-330 CWE-287
Vendor	zohocorp
Product	manageengine_adselfservice_plus
Published	Jun 23, 2026

Stay Ahead of the Next One

Get instant alerts for zohocorp manageengine_adselfservice_plus

Be the first to know when new critical vulnerabilities affecting zohocorp manageengine_adselfservice_plus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

zohocorp / manageengine_adselfservice_plus

0 < 6529

zohocorp / manageengine_recovery_manager_plus

0 < 6321

zohocorp / manageengine_m365_manager_plus

0 < 4817

zohocorp / manageengine_adaudit_plus

0 < 8703

References

NVD ↗ CVE.org ↗ EPSS Data ↗

manageengine.com: https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html