CVE-2026-13594: Improper Access Control vulnerability in Log360 and EventLog Analyzer
| Vulnerability details |
| Severity |
High |
| CVE ID |
CVE-2026-13594 |
| Affected software versions |
Builds from 13025 to 13061 |
| Fixed version |
13062 |
| Fixed on |
July 6, 2026 |
Details
CVE-2026-13594 is a security vulnerability in ManageEngine Log360 and EventLog Analyzer which could allow an adversary to gain unauthorized access to the product.
Impact
Successful exploitation of this vulnerability could impact the confidentiality, integrity, and availability of the product.
Fix
The issue has been resolved by strengthening the authentication checks in the affected components.
Steps to update
Update your Log360 or EventLog Analyzer instance to build 13062 or later using the service pack.
Acknowledgements
This issue was reported by tran nghia through the Zoho BugBounty program.
If you have any questions or need assistance updating the product to the latest version, please contact product support or our security team.