Platform: manageengine
Component: manageengine-pam360
Fixed in: 8531
CVE-2026-5785 describes an authenticated SQL injection vulnerability discovered in ManageEngine PAM360. This flaw allows an attacker who has successfully authenticated to the system to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions 0.0.0 through 13230 of PAM360, and a patch is available in version 8531.
Successful exploitation of CVE-2026-5785 could allow an attacker to bypass authentication and directly query the database underlying ManageEngine PAM360. This could result in the exfiltration of sensitive information, including user credentials, password policies, and stored secrets. Depending on the database schema and permissions, an attacker might even be able to modify or delete data, disrupting PAM360's functionality and potentially compromising the security of managed accounts. The blast radius extends to any system relying on PAM360 for privileged access management.
CVE-2026-5785 was publicly disclosed on April 16, 2026. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.02% (7th percentile)
The primary mitigation for CVE-2026-5785 is to upgrade ManageEngine PAM360 to version 8531 or later, which contains the necessary fix. If immediate upgrading is not possible, consider implementing strict input validation on all user-supplied data within the query report module. While not a complete solution, this can reduce the attack surface. Web application firewalls (WAFs) configured to detect and block SQL injection attempts can also provide a temporary layer of protection. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection payload in the query report module and verifying that it is properly sanitized.
Update ManageEngine PAM360 to version 8531 or later, or ManageEngine Password Manager Pro to a version later than 13230, to mitigate the SQL injection vulnerability. Check the release notes for specific upgrade instructions. Implement input validation and sanitization to prevent future SQL injection attacks.
CVE-2026-5785 is a SQL injection vulnerability in ManageEngine PAM360 affecting versions 0.0.0–13230. An authenticated attacker can inject malicious SQL code to access or manipulate data.
If you are running ManageEngine PAM360 versions 0.0.0 through 13230, you are potentially affected by this vulnerability. Upgrade to version 8531 or later to mitigate the risk.
The recommended fix is to upgrade ManageEngine PAM360 to version 8531 or later. As a temporary measure, implement input validation and consider using a WAF.
As of the current date, there is no confirmed evidence of active exploitation of CVE-2026-5785 in the wild.
Refer to the official ManageEngine security advisory for detailed information and updates regarding CVE-2026-5785: https://www.manageengine.com/security-alerts/