Authenticated SQL Injection Vulnerability in ManageEngine PAM360 and Password Manager Pro
CVE-2026-5785

8.1HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Pam360; Manageengine Password Manager Pro
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-5785?

ManageEngine PAM360 prior to version 8531 and ManageEngine Password Manager Pro from versions 8600 to 13230 are susceptible to an authenticated SQL injection vulnerability within the query report module. This issue allows attackers with valid credentials to manipulate the database and potentially extract sensitive information. It is essential for users to update to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

ManageEngine PAM360 0 < 8531

ManageEngine Password Manager Pro 8600 <= 13230

References

https://www.manageengine.com/products/passwordmanagerpro/...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-5785 Data

JSON

Zohocorp

What is CVE-2026-5785?

Affected Version(s)

References

CVSS V3.1

Timeline