CVE-2026-11374
CRITICALCVSS 9/10EPSS 1.24%
Last modified
This CVE is reserved or awaiting analysis. Details will appear once published by NVD.
Description
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Awaiting Analysis
Are you affected by CVE-2026-11374?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST