What is CVE-2026-11374?

CVE-2026-11374 is a critical-severity vulnerability in Zohocorp Manageengine_adaudit_plus, classified under Improper Authentication. CVSS score: 9.0/10. Published 2026-06-23.

How severe is CVE-2026-11374?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Auth bypass in Zohocorp Manageengine_adaudit_plus

CVE-2026-11374

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Zohocorp Manageengine_adaudit_plus — versions 0
Zohocorp Manageengine_adselfservice_plus — versions 0
Zohocorp Manageengine_m365_manager_plus — versions 0
Zohocorp Manageengine_recovery_manager_plus — versions 0

Weakness classification (CWE)

References

0fc0942c-577d-436f-ae8e-945763c79b02

Frequently asked questions

What is CVE-2026-11374?: CVE-2026-11374 is a critical-severity vulnerability in Zohocorp Manageengine_adaudit_plus, classified under Improper Authentication. CVSS score: 9.0/10. Published 2026-06-23.
How severe is CVE-2026-11374?: Critical severity. CVSS v3 base score is 9.0 out of 10.