CVE-2026-5785

EUVD-2026-23239
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ZohocorpCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
zohocorpmanageengine_pam360
𝑥
< 8531
CNA
zohocorpmanageengine_pam360
8600 ≤
𝑥
≤ 13230
CNA
Common Weakness Enumeration
References
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html