Auth Bypass in ManageEngine Log360 via Improper Filter: CVE-2026-3324 April 2026

Authentication Bypass
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.

Vulnerability Analysis

CVE-2026-3324 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Products Associated with CVE-2026-3324

Want to know whenever a new CVE is published for Zoho Corp Manageengine Log360? stack.watch will email you.

Auth Bypass in ManageEngine Log360 via Improper Filter
CVE-2026-3324 Published on April 16, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

Products Associated with CVE-2026-3324

Affected Versions

Auth Bypass in ManageEngine Log360 via Improper FilterCVE-2026-3324 Published on April 16, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

Products Associated with CVE-2026-3324

Affected Versions

Auth Bypass in ManageEngine Log360 via Improper Filter
CVE-2026-3324 Published on April 16, 2026