CVE-2026-11374: ManageEngine Products Vulnerable to Predictable SSO Ticket IDs Leading to Account Takeover
A critical vulnerability (CVE-2026-11374, CVSS score of 9) in multiple ManageEngine products allows unauthenticated users to predict SSO ticket IDs, leading to account takeover. Affected products include ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. Immediate action is required to update vulnerable versions.