HackerFeeds
All CVEs

CVE-2026-11374

CRITICAL9.0

Published 2026-06-23 · Updated 2026-06-24 · Source 0fc0942c-577d-436f-ae8e-945763c79b02

Description

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-287CWE-330CWE-340

References

View on NVD