Security Updates

Unauthenticated Remote Code Execution Vulnerability (CVE-2026-6516) fixed in ADAudit Plus build 8606

Vulnerability details
Severity: Critical
CVE ID: CVE-2026-6516
Affected Software Version(s): All ADAudit Plus builds below 8606
Fixed Version: Build 8606
Fixed on: April 17, 2026

Details

Vulnerabilities in ADAudit Plus Agent APIs that could allow authentication bypass and path traversal have been fixed.

Impact

An unauthenticated adversary could combine these vulnerabilities to potentially achieve remote code execution.

Steps to be taken:

  1. Update your ADAudit Plus instance to the latest version — 8606 — using the service pack.
  2. If your Windows agent version is earlier than 7060, upgrade the agent by following the steps on this page.
    • To check the agent version, open the ADAudit Plus web console and navigate to: Configuration → Agent Management → Manage → Installed Version column.
  3. If you have Mac agents installed, upgrade them to the latest version by following the steps on this page, regardless of the current version.

Acknowledgements

This issue was reported by Linhlt of VCB.

Please contact support@adauditplus.com for more details.
