{"vulnerability": "CVE-2026-11374", "sightings": [{"uuid": "a8c5c901-c1f2-46c9-a289-66bf469070ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11374", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mox6zvolwn2f", "content": "Zoho ManageEngine ADSelfService Plus faces CRITICAL CVE-2026-11374: predictable SSO tickets let attackers hijack accounts. No patch \u2014 monitor vendor updates and restrict access. https://radar.offseq.com/threat/cve-2026-11374-cwe-340-generation-of-predictable-n-3400726b0246539c #OffSeq #Zoho #SSO", "creation_timestamp": "2026-06-23T10:30:35.844123Z"}, {"uuid": "a248eeb5-a98f-465c-b87f-80494043795d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11374", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116798955994793705", "content": "Zoho ManageEngine ADSelfService Plus hit by CRITICAL CVE-2026-11374: predictable SSO tickets enable unauthenticated account takeover. No patch yet \u2014 monitor advisories and review exposure. https://radar.offseq.com/threat/cve-2026-11374-cwe-340-generation-of-predictable-n-3400726b0246539c #OffSeq #Zoho #Vuln #SSO #Infosec", "creation_timestamp": "2026-06-23T10:30:36.922945Z"}, {"uuid": "a42cd323-f3de-4990-8b79-8008434b5d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moxbkdgb2s2j", "content": "CVE-2026-11374 - Account Takeover via Predictable SSO Ticket Generation\nCVE ID : CVE-2026-11374\n \n Published : 23 juin 2026 08:19 | 1\u00a0heure, 23\u00a0minutes ago\n \n Description : In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO t...", "creation_timestamp": "2026-06-23T11:15:33.375690Z"}, {"uuid": "84033b7a-b17f-44a7-b822-0825637b0573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116804624818581404", "content": "A lot of offensive activities were identified targeting Zoho ManageEngine ADSelfService Plus and other products (CVE-2026-11374) https://vuldb.com/vuln/372876/cti", "creation_timestamp": "2026-06-24T10:32:12.577287Z"}, {"uuid": "e6d7f9b5-6c55-47e1-ae17-a8f03d2cc559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mp4dmpv6ch2c", "content": "CVE-2026-11374: Critical AD360 SSO Flaw Lets Attackers Predict Login Tickets and Take Over Enterprise Accounts +\u00a0Video\n\n\ud83e\udde8 Introduction: A Silent Identity Crisis Inside Enterprise Access Systems A newly disclosed high-severity vulnerability, CVE-2026-11374, has sent shockwaves through enterprise\u2026", "creation_timestamp": "2026-06-25T11:35:59.900879Z"}, {"uuid": "ef16a8d0-1fc1-4916-b40a-5316baecd9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mp4jjvhv7ji2", "content": "ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to Attackers ManageEngine has disclosed a high-severity vulnerability, tracked as CVE-2026-11374, affecting several of...\n\n#Cyber #Security #News #Vulnerability #News #cyber [\u2026] \n\n[Original post on cybersecuritynews.com]", "creation_timestamp": "2026-06-25T13:23:26.492856Z"}]}