A vulnerability classified as problematic has been found in Zoho ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus and ADAudit Plus . This affects an unknown function. The manipulation leads to generation of predictable numbers or identifiers. This vulnerability is referenced as CVE-2026-11374 . Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.