CVE Catalog

CVE-2026-11374

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.24%

65th percentile — higher than 65% of all known CVEs

Summary

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, SSO tickets generated to authenticate the session could be predicted by an unauthenticated user, leading to account takeover.

Risk Assessment

The predictability of SSO tickets poses a risk of account takeover, which could lead to unauthorized access to sensitive data and organizational resources.

Recommendation

It is recommended to update the software to the latest version and implement additional security mechanisms to minimize the risk of SSO ticket prediction.

Original NVD description (English source)

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS