ADAudit Plus, ADSelfService Plus, ManageEngine and M365 Manager Plus: ManageEngine AD360 Integrated Products Hit by Account Takeover Vulnerability

ManageEngine Patches Critical Account Takeover Flaw in AD360 Suite (CVE-2026-11374)

ManageEngine has disclosed a critical vulnerability, CVE-2026-11374, enabling unauthenticated account takeovers in its AD360 identity and access management suite. The flaw affects multiple integrated products (ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus) when they are used with AD360 via single sign-on (SSO).

The vulnerability stems from predictable SSO ticket generation: an attacker who can forecast or enumerate the ticket values can craft a valid authentication token without holding any credentials. Successful exploitation lets the attacker assume the identity and role of the targeted user, potentially leading to full account compromise, privilege escalation, or lateral movement within the enterprise network.

Affected versions include:

  • ADSelfService Plus (builds ≤6528, patched in 6529 on June 3, 2026)
  • RecoveryManager Plus (builds ≤6320, patched in 6321 on June 5, 2026)
  • M365 Manager Plus (builds ≤4816, patched in 4817 on June 10, 2026)
  • ADAudit Plus (builds ≤8702, patched in 8703 on June 12, 2026)

ManageEngine addressed the issue by strengthening SSO ticket generation to prevent predictability. The vulnerability was responsibly disclosed by security researcher 0xmanhnv via the Zoho BugBounty program.
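The root cause (a guessable SSO ticket) and the corrective action (unpredictable ticket generation) are illustrated by the following Python example. It is added here and is not ManageEngine's code: the source does not describe the actual AD360 ticket format, so the weak generator below (a hash over the username and a millisecond timestamp) is an assumed illustration of the weakness class, not the real CVE-2026-11374 mechanism. The names weak_sso_ticket, guess_weak_ticket and TicketStore, the HMAC key and the 60-second TTL are all hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional


# ---- Weak pattern (assumed illustration, not ManageEngine's code) -----------
def weak_sso_ticket(username: str, issued_at_ms: int) -> str:
    """Ticket derived only from guessable inputs: the target's username and a
    millisecond timestamp. Nothing here is secret, so the ticket is predictable."""
    return hashlib.sha256(f"{username}:{issued_at_ms}".encode()).hexdigest()


def guess_weak_ticket(username: str, target: str, approx_ms: int, window_ms: int) -> Optional[int]:
    """Attacker's view: knowing roughly when a ticket was issued (e.g. from a
    Date header), enumerate timestamps within +/- window_ms until one hashes to
    the observed ticket. Returns the recovered issue time, or None."""
    for t in range(approx_ms - window_ms, approx_ms + window_ms + 1):
        if weak_sso_ticket(username, t) == target:
            return t
    return None


# ---- Hardened pattern -------------------------------------------------------
class TicketStore:
    """Server-side SSO ticket store (hypothetical):
    - the ticket id is 256 bits from the OS CSPRNG, so it cannot be enumerated;
    - an HMAC binds the id to the principal, so the username cannot be swapped;
    - tickets are single-use and expire after ttl_s seconds."""

    def __init__(self, hmac_key: bytes, ttl_s: int = 60) -> None:
        self._key = hmac_key
        self._ttl = ttl_s
        self._issued = {}  # ticket_id -> (username, expiry)

    def _tag(self, ticket_id: str, username: str) -> str:
        return hmac.new(self._key, f"{ticket_id}.{username}".encode(), hashlib.sha256).hexdigest()

    def issue(self, username: str, now: int) -> str:
        ticket_id = secrets.token_urlsafe(32)  # base64url alphabet, never contains '.'
        self._issued[ticket_id] = (username, now + self._ttl)
        return f"{ticket_id}.{username}.{self._tag(ticket_id, username)}"

    def redeem(self, ticket: str, now: int) -> Optional[str]:
        """Return the authenticated username, or None if the ticket is malformed,
        forged, unknown, already used, bound to another user, or expired."""
        try:
            ticket_id, rest = ticket.split(".", 1)
            username, tag = rest.rsplit(".", 1)  # username itself may contain '.'
        except ValueError:
            return None
        # Constant-time compare before touching state, so a forged ticket
        # cannot consume (invalidate) a legitimate one.
        if not hmac.compare_digest(tag, self._tag(ticket_id, username)):
            return None
        entry = self._issued.pop(ticket_id, None)  # pop => single use
        if entry is None:
            return None
        stored_user, expiry = entry
        if stored_user != username or now > expiry:
            return None
        return username


if __name__ == "__main__":
    t0 = 1_700_000_000_000  # constructed sample issue time
    weak = weak_sso_ticket("admin", t0)
    print("weak ticket recovered at", guess_weak_ticket("admin", weak, t0 + 137, 500))
    store = TicketStore(secrets.token_bytes(32), ttl_s=60)
    good = store.issue("admin", now=1000)
    print("first redeem:", store.redeem(good, now=1010), "second:", store.redeem(good, now=1011))
```

The weak ticket falls to a search over a few hundred candidates because every input to it is public; the hardened ticket has no guessable input at all, and the server-side store is what makes it single-use and time-bounded. The HMAC is a second line of defence: it stops an attacker from taking a ticket issued for one account and re-labelling it with another user's name.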

Given AD360’s role in managing Active Directory, password self-service, auditing, and Microsoft 365 administration, the flaw poses a high-risk threat to enterprises relying on these tools. Because it is exploitable before authentication, organizations are urged to apply the patches immediately.

Source: https://gbhackers.com/manageengine-ad360-account-takeover-vulnerability/

ManageEngine cybersecurity rating report: https://www.rankiteo.com/company/manageengine

ManageEngine IAM cybersecurity rating report: https://www.rankiteo.com/company/manageengine-identity-and-access-management

{
  "id": "MANMAN1782397883",
  "linkid": "manageengine, manageengine-identity-and-access-management",
  "type": "Vulnerability",
  "date": "6/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact, including customer data leaks"
}

{
  "affected_entities": [
    {
      "customers_affected": "Enterprises relying on AD360, ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus",
      "industry": "Identity and Access Management (IAM)",
      "name": "ManageEngine AD360 Suite",
      "type": "Software"
    }
  ],
  "attack_vector": "Predictable SSO ticket generation",
  "data_breach": {
    "sensitivity_of_data": "User identities and roles"
  },
  "date_resolved": "2026-06-12",
  "description": "ManageEngine has disclosed a critical vulnerability, CVE-2026-11374, enabling unauthenticated account takeovers in its AD360 identity and access management suite. The flaw affects multiple integrated products (ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus) when used with AD360 via single sign-on (SSO). The vulnerability stems from predictable SSO ticket generation, allowing attackers to craft or guess valid authentication tokens without credentials. Successful exploitation grants access to a user’s identity and role, potentially leading to full account compromise, privilege escalation, or lateral movement within enterprise networks.",
  "impact": {
    "identity_theft_risk": "High",
    "operational_impact": "Full account compromise, privilege escalation, lateral movement within enterprise networks",
    "systems_affected": "AD360, ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, ADAudit Plus"
  },
  "post_incident_analysis": {
    "corrective_actions": "Strengthened SSO ticket generation to prevent predictability",
    "root_causes": "Predictable SSO ticket generation"
  },
  "recommendations": "Organizations are urged to apply patches immediately due to the vulnerability’s pre-authentication nature.",
  "references": [
    {
      "source": "Zoho BugBounty Program"
    }
  ],
  "response": {
    "containment_measures": "Patches released for affected products",
    "remediation_measures": "Strengthened SSO ticket generation to prevent predictability"
  },
  "title": "ManageEngine Patches Critical Account Takeover Flaw in AD360 Suite (CVE-2026-11374)",
  "type": "Account Takeover",
  "vulnerability_exploited": "CVE-2026-11374"
}