CVE-2026-1367 — SQL Injection in Manageengine Adselfservice Plus

CWE-89 — SQL Injection4 documents4 sources

Severity

8.3HIGHNVD

EPSS

0.3%

top 45.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Adselfservice Plus

Timeline

PublishedFeb 23

Description

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages1 packages

▶CVEListV5zohocorp/manageengine_adselfservice_plus< 6523

🔴Vulnerability Details

GHSA

GHSA-7jmh-rhmc-g5gq: Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option↗2026-02-23

▶

CVEList

SQL Injection↗2026-02-23

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1367 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶