CVE-2026-5785

Summary

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

Affected Software

VendorProductVersion RangeStatus
ZohocorpManageEngine PAM3600 < 8531affected
ZohocorpManageEngine Password Manager Pro8600 <= 13230affected

Weaknesses

  • CWE-89: CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References