CVE-2026-1367HIGH 8.3EPSS p93.9%

CVE-2026-1367CVE-2026-1367

Description

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.

Scoring

CVSS 3.18.3 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS7.87% probability of exploitation · percentile 93.9% · 2026-06-18T12:00:27Z
Published2026-02-23
Last modified2026-04-15

Underlying weaknesses· 1

CWE-89

References

  1. https://www.manageengine.com/uk/products/self-service-password/advisory/CVE-2026-1367.html

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-3833
CVE
CVE-2026-5785
CVE
CVE-2025-36528
CVE
CVE-2025-27709
CVE
CVE-2025-36527
CVE
CVE-2025-8324
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.