What is CVE-2026-2740?

CVE-2026-2740 is a high-severity vulnerability in Zohocorp Manageengine Adselfservice Plus, classified under Command Injection. CVSS score: 8.4/10. Published 2026-05-21.

How severe is CVE-2026-2740?

High severity. CVSS v3 base score is 8.4 out of 10.

RCE in Zohocorp Manageengine Adselfservice Plus

CVE-2026-2740

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party de…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.014 (80.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L.

Affected products

Zohocorp Manageengine Adselfservice Plus — versions 0
Zohocorp Manageengine Datasecurity Plus — versions 0
Zohocorp Manageengine Recoverymanager Plus — versions 0

Weakness classification (CWE)

CWE-77 — Command Injection

References

0fc0942c-577d-436f-ae8e-945763c79b02

Frequently asked questions

What is CVE-2026-2740?: CVE-2026-2740 is a high-severity vulnerability in Zohocorp Manageengine Adselfservice Plus, classified under Command Injection. CVSS score: 8.4/10. Published 2026-05-21.
How severe is CVE-2026-2740?: High severity. CVSS v3 base score is 8.4 out of 10.