Home / Vulnerability Intelligence / CVE-2026-3324

CVE-2026-3324 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: April 16, 2026

Zohocorp ManageEngine Log360 - Authentication Bypass

Published: April 16, 2026Updated: April 16, 2026Remote Exploitable

Overview

Zohocorp ManageEngine Log360 13000 through 13013 contains an authentication bypass caused by improper filter configuration on certain actions, letting attackers bypass authentication, exploit requires no special conditions.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Attackers can bypass authentication, potentially gaining unauthorized access to restricted actions.

Mitigation

Update to a version later than 13013 or the latest available version.

References

https://www.manageengine.com/log-management/advisory/CVE-2026-3324.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3324
Severity: High
CVSS Score: 8.2
Type: broken_authentication
Status: new

CWE

CWE-288

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N