Security Updates - CVE Database

CVE-2026-12264

Arbitrary file write via HA Failover Config sync upload, leading to remote code execution as root (fixed in build 6201)

Severity: High

CVE ID: CVE-2026-12264

Affected Software Version(s): DDI Central 6.2.0 / Build 6200

Fixed Version: Build 6201

Fixed on: June 18, 2026

Details:

ManageEngine DDI Central 6.2.0 (build 6200) had an arbitrary file write vulnerability in the HA Failover Config sync upload workflow. An authenticated operator-level user could upload unsafe archive content into restricted application paths, potentially leading to remote code execution as root.

The vulnerability has been fixed by requiring administrator-level authorization for the HA Failover Config sync upload endpoint and by validating uploaded archives before extraction.

Impact:

Successful exploitation of this vulnerability could result in unsafe file writes to the application source tree and potential remote code execution on the DDI Central host.

Steps to upgrade:

Update your DDI Central Console and Node Agent instances to the latest build 6201 using the service pack.

Acknowledgements:

This issue was reported by d3lt4_2410.