CVE-2026-3324
嗯,用户让我用中文总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先,我需要通读整篇文章,抓住主要信息。文章讲的是ManageEngine Log360的一个认证绕过漏洞,CVE编号是CVE-2026-3324,属于高危漏洞。影响的版本是从13000到13013。这个漏洞可以让攻击者绕过认证,访问数据和操作。修复版本是13017,发布于2026年3月10日。 接下来,我需要把这些关键点浓缩到一百字以内。要确保包括漏洞名称、影响范围、严重性、可能的影响以及修复措施。 可能的结构是:ManageEngine Log360存在认证绕过漏洞(CVE-2026-3324),影响版本13000-13013,可能导致未经授权访问数据和操作。已在13017版本修复。 这样应该符合用户的要求了。 </think> ManageEngine Log360存在认证绕过漏洞(CVE-2026-3324),影响版本13000至13013,可能导致未经授权访问数据和操作。该漏洞已通过升级至版本13017修复。 2026-4-21 15:41:40 Author: horizon3.ai(查看原文) 阅读量:18 收藏

ManageEngine Log360 Authentication Bypass Vulnerability

ManageEngine has disclosed CVE-2026-3324, a high-severity authentication bypass vulnerability affecting Log360 builds 13000 through 13013. According to the vendor, the issue affects exposed V1 APIs and can result in authorization checks being bypassed, potentially enabling unauthorized access to data and operations. ManageEngine fixed the issue in build 13017, released on March 10, 2026.

Technical Details

CVE-2026-3324 describes an authentication bypass vulnerability affecting exposed V1 APIs in ManageEngine Log360. ManageEngine states that affected versions are builds 13000 through 13013, and that successful exploitation could allow unauthorized access to data and operations by bypassing authorization checks. The issue is resolved in build 13017.

Stop Guessing, Start Proving

NodeZero® Proactive Security Platform — Rapid Response

Horizon3.ai has prepared Rapid Response messaging for CVE-2026-3324 in the GTM guide you shared.

  • Run the Rapid Response test: Horizon3.ai customers can launch the test from the customer portal to determine whether exposed Log360 systems are vulnerable.
  • Patch immediately: Upgrade affected Log360 instances from builds 13000 through 13013 to build 13017 or later. ManageEngine’s service pack page says users on builds 13000 through 13016 should install Service Pack 13.1.1, which corresponds to build 13017.
  • Re-run the Rapid Response test: Validate that the upgrade removed exploitability and confirm the exposure has been closed.

Affected versions & patch

  • Affected: ManageEngine Log360 builds 13000 through 13013.
  • Fixed: Build 13017.
  • Fixed on: March 10, 2026.
  • Patch guidance: Update to build 13017 or later using ManageEngine’s service pack process.

Timeline

  • March 10, 2026: ManageEngine released Log360 build 13017.
  • April 17, 2026: ManageEngine published the public Log360 advisory for CVE-2026-3324 describing the affected versions, impact, and fix.

References

Read about other CVEs

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.

Explore NodeZero

Recognized By


文章来源: https://horizon3.ai/attack-research/vulnerabilities/cve-2026-3324/
如有侵权请联系:admin#unsafe.sh