SQL Injection Vulnerability in ManageEngine ADSelfService Plus by Zohocorp
CVE-2026-1367

8.3HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Adselfservice Plus
Vendor: CVE Published:; 23 February 2026

What is CVE-2026-1367?

ADSelfService Plus, developed by Zohocorp, is subject to an authenticated SQL Injection vulnerability within its search report feature. This flaw allows attackers to execute unauthorized SQL queries against the database, potentially leading to data exposure or manipulation. Users of versions 6522 and below should prioritize patching their installations to mitigate potential exploitation risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ManageEngine ADSelfService Plus 0 < 6523

References

https://www.manageengine.com/uk/products/self-service-pas...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2026
Vulnerability Reserved
Jan 23, 2026

Credit

Nguyen Dang Toan

JSON

Zohocorp

What is CVE-2026-1367?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.