CVE-2026-2740 — HIGH (8.4) — White Hats Nepal

Vulnerability Description

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Related Weaknesses (CWE)

CWE-77

References

https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-27

FAQ

What is CVE-2026-2740?

CVE-2026-2740 is a vulnerability with a CVSS score of 8.4 (HIGH). Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mach...

How severe is CVE-2026-2740?

CVE-2026-2740 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-2740?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.