Severity: High
CVE ID: CVE-2026-12267
Affected Software Version(s): DDI Central 6.2.0 / Build 6200
Fixed Version: Build 6201
Fixed on: June 18, 2026
Details:
The ManageEngine DDI Central 6.2.0 build 6200 had an input validation vulnerability in the Windows DNS Query Resolution Policy name field. This issue could allow an authenticated user to execute unsafe PowerShell commands on a managed Windows DNS server.
The vulnerability has been fixed by strengthening input validation for Query Resolution Policy names before they are used in Windows DNS server operations.
Impact:
Successful exploitation of this vulnerability could result in remote code execution on a managed Windows DNS server.
Steps to upgrade:
Update your DDI Central Console and Node Agent instances to the latest build 6201 using the service pack.
Acknowledgements:
This issue was reported by d3lt4_2410.