CVE-2026-5785

HIGH

Zohocorp ManageEngine PAM360 < 8531 - SQL Injection

Title source: rule

Description

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

References (1)

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html

Scores

CVSS v3 8.1

EPSS 0.0002

EPSS Percentile 6.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-89

Status published

Products (2)

Zohocorp/ManageEngine PAM360 < 8531

Zohocorp/ManageEngine Password Manager Pro 8600 - 13230

Published Apr 16, 2026

Tracked Since Apr 16, 2026