CVE-2026-2740

HIGH 8.4

Remote Code Execution

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

CWE	CWE-77
Vendor	zohocorp
Product	manageengine adselfservice plus
Published	May 21, 2026
Last Updated	May 21, 2026

Stay Ahead of the Next One

Get instant alerts for zohocorp manageengine adselfservice plus

Be the first to know when new high vulnerabilities affecting zohocorp manageengine adselfservice plus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected Versions

Zohocorp / ManageEngine ADSelfService Plus

0 < 6525

Zohocorp / ManageEngine DataSecurity Plus

0 < 6264

Zohocorp / ManageEngine RecoveryManager Plus

0 < 6313

References

NVD ↗ CVE.org ↗ EPSS Data ↗

manageengine.com: https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-2740.html