A vulnerability labeled as critical has been found in Zoho ManageEngine ADSelfService Plus, DataSecurity Plus and RecoveryManager Plus . Impacted is an unknown function. Such manipulation leads to command injection. This vulnerability is listed as CVE-2026-2740 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.