| Vulnerability Details | |
| --- | --- |
| Severity | High |
| ZVE ID | ZVE-2026-1924 |
| Affected software versions | Build 8041 and older |
| Fixed version | Build 8042 |
| Fixed on | April 22, 2026 |

ZVE-2026-1924 is a path traversal vulnerability in the /Report.do endpoint of ADManager Plus. The path parameter was not properly validated, so an authenticated user could manipulate it to read arbitrary files from the server file system, including sensitive system files outside the intended directory.
This vulnerability could be exploited only by authenticated users and allowed unauthorized access to sensitive files on the server. This could lead to exposure of configuration data and potentially aid further compromise of the system.
This issue has been resolved in ADManager Plus build 8042 by implementing proper validation and restriction of file path inputs.
Update your ADManager Plus instance to the latest build by installing the service pack.
This issue was reported by khanh nguyen through Zoho's Bug Bounty program.