CVE-2026-2740

Description

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected products

Zohocorp / ManageEngine ADSelfService Plus0 – 6525
Zohocorp / ManageEngine DataSecurity Plus0 – 6264
Zohocorp / ManageEngine RecoveryManager Plus0 – 6313

References

MISChttps://www.manageengine.com/products/self-service-password/advisory/CVE-2026-2740.html