Loading market data...
← Back to CVE feed

CVE-2026-11374

CRITICAL CVSS 9.0 View on NVD ↗

Description

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Published: Jun 23, 2026 09:16 UTC Modified: Jun 23, 2026 15:42 UTC