
ManageEngine AD360 Flaw Lets Unauthenticated Attackers Take Over User Accounts
A high-severity vulnerability, tracked as CVE-2026-11374, has been disclosed in multiple ManageEngine products, ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, when deployed as integrated components within the ManageEngine AD360 suite. The flaw allows unauthenticated attackers to predict Single Sign-On (SSO) tickets and fully take over targeted user accounts. ManageEngine AD360 Flaw The […]
The post ManageEngine AD360 Flaw Lets Unauthenticated Attackers Take Over User Accounts appeared first on Cyber Security News.