Security Updates - CVE Database

CVE-2026-12265

Insufficient access control in the HA failover endpoint leading to destructive PostgreSQL database operations (fixed in build 6201)

Severity: High

CVE ID: CVE-2026-12265

Affected Software Version(s): DDI Central 6.2.0 / Build 6200

Fixed Version: Build 6201

Fixed on: June 18, 2026

Details:

ManageEngine DDI Central 6.2.0 (build 6200) had an access control vulnerability in the HA failover configuration endpoint. The issue could allow an authenticated low-privilege user to trigger destructive PostgreSQL database operations through the failover workflow.

This vulnerability has been fixed by enforcing administrator-level authorization for the HA failover endpoint, validating IP and credential inputs, and adding a connectivity pre-check before modifying local database configuration or data.
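The ordering of the three controls named above, as an added sketch that is not ManageEngine's code: the destructive step runs only after the role check, the input validation and the connectivity pre-check have all passed. Every name here (`configure_failover`, `apply_change`, the `"admin"` role string, the username pattern and the length limits) is a hypothetical stand-in.

```python
import ipaddress
import re
import socket

# Hypothetical names and limits throughout; this is not DDI Central's code or API.
USERNAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")

class FailoverRejected(Exception):
    """Raised before any local database change is made."""

def validate_peer(ip_text, username, password):
    """Parse the peer IP strictly and bound the credential fields."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        raise FailoverRejected("peer IP is not a valid address") from None
    if ip.is_unspecified or ip.is_multicast:
        raise FailoverRejected("peer IP is not a usable unicast address")
    if not USERNAME_RE.fullmatch(username):
        raise FailoverRejected("username contains unexpected characters")
    if not 1 <= len(password) <= 128 or "\x00" in password or "\n" in password:
        raise FailoverRejected("password is empty, too long or has control bytes")
    return ip

def peer_reachable(ip, port, timeout=2.0):
    """TCP pre-check: can the peer's PostgreSQL port be reached at all?"""
    try:
        with socket.create_connection((str(ip), port), timeout=timeout):
            return True
    except OSError:
        return False

def configure_failover(role, ip_text, username, password, port, apply_change):
    """Run every gate first; apply_change (the destructive step) runs last."""
    if role != "admin":
        raise FailoverRejected("administrator role required")
    ip = validate_peer(ip_text, username, password)
    if not peer_reachable(ip, port):
        raise FailoverRejected("peer database unreachable, local state untouched")
    # Only now may local database configuration or data be modified.
    return apply_change(ip, username)
```
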

Impact:

Successful exploitation of this vulnerability could result in destructive database operations affecting the PostgreSQL database used by DDI Central.

Steps to upgrade:

Update your DDI Central Console and Node Agent instances to the latest build 6201 using the service pack.

Acknowledgements:

This issue was reported by C&N.