
ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to Attackers

Cyber Security News, June 25, 2026


By Abinaya

ManageEngine has disclosed a high-severity vulnerability, tracked as CVE-2026-11374, that affects several of its identity and access management products when they are integrated with AD360. The flaw allows an unauthenticated attacker to predict the single sign-on (SSO) tickets that AD360 issues, which can lead to account takeover and exposure of sensitive user information.

The issue affects ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus when they are deployed within a ManageEngine AD360 environment. These products are widely used in enterprise networks for identity governance, Active Directory management, auditing, and Microsoft 365 administration, so the vulnerability is particularly significant in large deployments.

ManageEngine AD360 Integration Flaw

The vulnerability was reported by security researcher 0xmanhnv through the Zoho BugBounty program, and ManageEngine has credited the researcher for the responsible disclosure.

According to the advisory, the vulnerability stems from weaknesses in how SSO tickets are generated during authentication. When a user logs in through AD360's SSO, AD360 issues a ticket that the integrated product accepts as proof of the session. Because those tickets are predictable, an unauthenticated attacker can construct a ticket that the integrated product will accept without ever holding legitimate credentials.

Exploitation allows an attacker to impersonate users and gain unauthorized access to the integrated systems. From there, the attacker can retrieve user identity details and role-based access information, which may in turn enable privilege escalation depending on which account was impersonated.
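To make the predictability concrete, here is an added example in Python. It is not ManageEngine's code, and the `WeakTicketIssuer` ticket format (issue time in milliseconds plus a counter) is an assumption chosen for illustration; the advisory does not describe the real AD360 ticket layout. `predict_weak_ticket` shows the attacker side: no credentials and no observed ticket, only a rough guess of when a victim logged in, enumerated against the redeem endpoint. `HardenedTicketIssuer` shows the properties a fix needs: 256 bits from the OS CSPRNG, a short lifetime, single use, and a store that holds only a hash of the ticket.

```python
import hashlib
import secrets
import time


class WeakTicketIssuer:
    """Assumed weak scheme for illustration only (not ManageEngine's real
    algorithm): ticket = "<issue-time-ms>-<per-process counter>". Both parts
    are guessable, so the space an attacker must search is tiny."""

    def __init__(self):
        self.seq = 0
        self.valid = {}  # ticket -> user

    def issue(self, user, now_ms=None):
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        self.seq += 1
        ticket = f"{now_ms}-{self.seq}"
        self.valid[ticket] = user
        return ticket

    def redeem(self, ticket):
        """The integrated product's SSO endpoint: accept a ticket and return
        the user it maps to, or None if the ticket is unknown."""
        return self.valid.get(ticket)


def predict_weak_ticket(issuer, approx_ms, window_ms=2000, max_seq=10):
    """Attacker side. With no credentials and no observed ticket, guess roughly
    when a victim logged in and try every (time, counter) pair in that window
    against the redeem endpoint. Returns (ticket, impersonated_user) or None."""
    for seq in range(1, max_seq + 1):
        for t in range(approx_ms, approx_ms + window_ms + 1):
            candidate = f"{t}-{seq}"
            user = issuer.redeem(candidate)
            if user is not None:
                return candidate, user
    return None


class HardenedTicketIssuer:
    """Properties a fix needs: unguessable (256 bits from the OS CSPRNG),
    short-lived, single-use, and stored only as a hash so that neither a
    leaked store nor lookup timing reveals a live ticket."""

    TICKET_BYTES = 32
    TTL_SECONDS = 60

    def __init__(self):
        self.valid = {}  # sha256(ticket) -> (user, expiry)

    @staticmethod
    def _key(ticket):
        return hashlib.sha256(ticket.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(self.TICKET_BYTES)
        self.valid[self._key(ticket)] = (user, now + self.TTL_SECONDS)
        return ticket

    def redeem(self, ticket, now=None):
        now = time.time() if now is None else now
        entry = self.valid.pop(self._key(ticket), None)  # single use
        if entry is None:
            return None
        user, expiry = entry
        return user if now <= expiry else None


if __name__ == "__main__":
    weak = WeakTicketIssuer()
    weak.issue("admin", now_ms=1_700_000_000_450)  # victim logs in
    print("weak scheme:", predict_weak_ticket(weak, approx_ms=1_700_000_000_000))

    hard = HardenedTicketIssuer()
    t = hard.issue("admin")
    print("hardened:", t, "->", hard.redeem(t), "then", hard.redeem(t))
```

The weak scheme falls in at most `max_seq * window_ms` requests (20,000 here), which any unauthenticated client can afford; the hardened ticket space is 2^256, so the same enumeration never terminates. The single-use pop also means a ticket replayed after the legitimate redemption is rejected, which is what the detection logic further down keys on.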
In environments where AD360 acts as the central identity hub, the risk is greater because a single forged ticket can expose several integrated services at once. For example, an attacker who generates a valid SSO ticket could reach ADAudit Plus audit logs and administrative data, enabling internal reconnaissance and lateral movement within the organization.

The affected builds are ADSelfService Plus 6528 and earlier, RecoveryManager Plus 6320 and earlier, M365 Manager Plus 4816 and earlier, and ADAudit Plus 8702 and earlier. ManageEngine released fixed builds of all four products between June 3 and June 12, 2026; the fix strengthens the SSO ticket generation mechanism so that tickets are no longer predictable.

Organizations running affected products are strongly advised to apply the latest service packs immediately. Beyond patching, security teams should monitor authentication logs closely for unusual SSO activity and review access permissions on critical accounts. Strengthening access controls and limiting the network exposure of the identity services further reduces the chance of exploitation.
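The advice to watch for "unusual SSO activity" is easier to act on with a concrete rule. The added Python example below is not from the article or from ManageEngine, and the event records are constructed for the example rather than real product log output; it assumes you can correlate AD360 login events ("issue") with the ticket acceptances logged by an integrated product ("redeem"), which is a correlation you would have to build from your own log pipeline. It flags two patterns a forged ticket would produce: a redemption with no AD360 login for that user in the preceding minutes, and one source address redeeming tickets for many different users in a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real ManageEngine logs). Each record is
# (timestamp, event, source_ip, user, product). "issue" = AD360 login that
# minted a ticket; "redeem" = an integrated product accepting a ticket.
SAMPLE_EVENTS = [
    ("2026-06-20T09:00:01", "issue",  "10.0.5.21",   "alice", "AD360"),
    ("2026-06-20T09:00:02", "redeem", "10.0.5.21",   "alice", "ADAuditPlus"),
    ("2026-06-20T09:03:10", "issue",  "10.0.7.14",   "bob",   "AD360"),
    ("2026-06-20T09:03:11", "redeem", "10.0.7.14",   "bob",   "M365ManagerPlus"),
    # No AD360 login precedes these, and one external address redeems
    # tickets for three different users within seconds.
    ("2026-06-20T09:10:00", "redeem", "203.0.113.9", "carol", "ADAuditPlus"),
    ("2026-06-20T09:10:03", "redeem", "203.0.113.9", "dave",  "ADAuditPlus"),
    ("2026-06-20T09:10:07", "redeem", "203.0.113.9", "admin", "ADAuditPlus"),
]


def find_suspicious_redemptions(events, lookback=timedelta(minutes=5),
                                fanout_window=timedelta(minutes=2),
                                fanout_threshold=3):
    """Return {"orphans": [...], "fanout": [...]}.

    orphans: redeem events with no issue event for the same user within
             `lookback` before the redemption (a ticket nobody logged in for).
    fanout:  (ip, users) where one source redeemed tickets for at least
             `fanout_threshold` distinct users inside `fanout_window`.
    Thresholds are illustrative assumptions; tune them to your environment."""
    issued = defaultdict(list)  # user -> issue timestamps
    by_ip = defaultdict(list)   # ip -> [(timestamp, user)]
    orphans = []
    for ts, kind, ip, user, product in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "issue":
            issued[user].append(t)
            continue
        if kind != "redeem":
            continue
        by_ip[ip].append((t, user))
        if not any(t - lookback <= it <= t for it in issued[user]):
            orphans.append((ts, ip, user, product))

    fanout = []
    for ip, items in by_ip.items():
        items.sort()
        for t0, _ in items:
            users = {u for t, u in items if t0 <= t <= t0 + fanout_window}
            if len(users) >= fanout_threshold:
                fanout.append((ip, sorted(users)))
                break
    return {"orphans": orphans, "fanout": fanout}


if __name__ == "__main__":
    report = find_suspicious_redemptions(SAMPLE_EVENTS)
    for o in report["orphans"]:
        print("ticket redeemed without a login:", o)
    for ip, users in report["fanout"]:
        print("one source redeeming for many users:", ip, users)
```

The orphan rule is the stronger signal for this bug class, since a predicted ticket is by definition one that the legitimate login flow never handed out; the fan-out rule catches the same attacker enumerating accounts even where issue events are not available to you. Both rules assume clock alignment between AD360 and the integrated product, so keep the lookback generous.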