216.73.216.86

CVE-2026-2740

· Published 21/05/2026 14:16 · Modified 21/05/2026 15:26

Labels: CVE-2026-2740 0fc0942c-577d-436f-ae8e-945763c79b022026-05-21CVE-2026-2740CWE-77

Essential information

Published
21/05/2026 14:16
Modified
21/05/2026 15:26
Author
Creator
CVSS
8.4 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CVSS metrics

Description

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
0fc0942c-577d-436f-ae8e-945763c79b02
NVD
View on NVD

Affected products (CPE)

ProductCPE
zohocorp / manageengine adselfservice plus cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
zohocorp / manageengine datasecurity plus cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*
zohocorp / manageengine recoverymanager plus cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*

References