LeakyCreds

CVE-2026-5785 - Vulnerability Analysis

High
CVSS: 8.1

Last Updated: April 17, 2026

Zohocorp ManageEngine - Authentication Bypass

Published: April 16, 2026
Updated: April 17, 2026
Remote Exploitable

Overview

Zohocorp ManageEngine PAM360 versions before 8531 and Password Manager Pro versions 8600 to 13230 contain an authenticated SQL injection caused by improper input sanitization in the query report module, letting authenticated attackers execute arbitrary SQL queries.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 2.2% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Upgrade PAM360 to version 8531 or later and Password Manager Pro to version 13231 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 16, 2026

🟠 CVE-2026-5785 - High (8.1) Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5785/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-5785
Severity: High
CVSS Score: 8.1
Type: sql_injection
Status: unconfirmed
EPSS: 2.2%
Social Posts: 1

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.2% (Probability of exploitation in the next 30 days)