In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.Referenceshttps://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html
