ManageEngine (Password Manager Pro, PAM360, and others) Family April 2026 Security Update Advisory
Overview.
Multiple high-risk vulnerabilities have been disclosed in Zoho’s ManageEngine suite.
The disclosure date is April 16, 2026.
Affected products and affected versions.
- Password Manager Pro: Versions from 8600 to 13230 are affected.
- PAM360: Versions up to 8530 are affected.
- Log360: Versions between builds 13000 and 13013 are affected.
Summary of resolved vulnerabilities.
- CVE-2026-5785: An authenticated SQL injection vulnerability in Password Manager Pro and PAM360, classified as High Impact.
- CVE-2026-3324: An authentication bypass vulnerability in Log360, categorized as High Impact.
Risk and Impact.
- CVE-2026-5785 could allow arbitrary SQL query execution through an authenticated account, resulting in database integrity compromise or sensitive information disclosure.
- CVE-2026-3324 could allow unauthorized access through authentication bypass, resulting in a risk of system control or information leakage.
Recommendation.
- Affected products should be updated to the patched version.
- The patched versions are Password Manager Pro 13231, PAM360 8531, and Log360 build 13017.
References.
- CVE-2026-5785 announcement: https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html
- CVE-2026-3324 announcement: https://www.manageengine.com/log-management/advisory/CVE-2026-3324.html