Zoho ManageEngine Log360 Hit by Auth Bypass
The National Vulnerability Database (NVD) has flagged a significant authentication bypass vulnerability, CVE-2026-3324, impacting ZohoCorp’s ManageEngine Log360. Specifically, versions 13000 through 13013 are susceptible due to what the NVD describes as an ‘improper filter configuration’ on certain actions. This isn’t just a minor glitch; it’s a critical flaw that could allow unauthorized access.
Rated with a CVSS score of 8.2 (HIGH), this vulnerability (CWE-288) presents a serious risk. The vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N indicates that it’s network-exploitable with low attack complexity, requiring no privileges or user interaction. An attacker could achieve high confidentiality impact and low integrity impact, with no availability impact. Essentially, it’s a prime target for threat actors looking to slip past defenses unnoticed.
What This Means For You
- If your organization uses ZohoCorp ManageEngine Log360, particularly versions 13000 through 13013, you need to prioritize patching or mitigation immediately. An authentication bypass means attackers can sidestep your login mechanisms, potentially gaining access to sensitive logs and system information. Verify your Log360 version and apply any available updates or vendor-recommended workarounds without delay.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-3324 | Auth Bypass | Zohocorp ManageEngine Log360 versions 13000 through 13013 |
| CVE-2026-3324 | Auth Bypass | Improper filter configuration |