CVE-2026-2740
Awaiting Analysis
Authenticated Remote Code Execution in Zohocorp ManageEngine Products

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: ManageEngine

Description
Zohocorp ManageEngine ADSelfService Plus versions before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to authenticated remote code execution on the agent machines due to a bug in a third-party dependency.
Meta Information
Published: 2026-05-21
Last Modified: 2026-05-21
Generated: 2026-05-21
AI Q&A: 2026-05-21
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor    Product                          Version / Range
zohocorp  manageengine_adselfservice_plus  to 6525 (exc)
zohocorp  datasecurity_plus                to 6264 (exc)
zohocorp  recoverymanager_plus             to 6313 (exc)
CWE ID: CWE-77
Description: The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2740 is a high-severity authenticated remote code execution (RCE) vulnerability affecting ManageEngine ADSelfService Plus, RecoveryManager Plus, and DataSecurity Plus.

The flaw allows authenticated domain users to exploit improper access controls in the service used to deploy agents on client machines, enabling arbitrary command execution on those machines.

It affects ADSelfService Plus versions 6524 and earlier, DataSecurity Plus versions 6263 and earlier, and RecoveryManager Plus versions 6312 and earlier.


How can this vulnerability impact me?

This vulnerability allows authenticated users to execute arbitrary commands remotely on agent machines, which can lead to unauthorized control over those systems.

Such unauthorized command execution can compromise the confidentiality, integrity, and availability of affected systems and data.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should update to the fixed versions of the affected products.

  • Update ManageEngine ADSelfService Plus to Build 6525 or later.
  • Update DataSecurity Plus to Build 6264 or later.
  • Update RecoveryManager Plus to Build 6313 or later.

Users can download the latest service packs from ManageEngine’s official links and contact product support for assistance if needed.

