CVE-2026-2740

Published: Mag 21, 2026 Last Modified: Mag 21, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,4

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: low

Description

AI Translation Available

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

https://www.manageengine.com/products/self-service-password…

https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-2…

CVE-2026-2740

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter