CVE-2021-33911
Description
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zoho ManageEngine ADManager Plus before build 7110 allows unauthenticated remote code execution via a crafted request.
Vulnerability
A remote code execution vulnerability exists in Zoho ManageEngine ADManager Plus prior to build 7110. The bug resides in an unspecified component that processes specially crafted requests without proper authentication. No special configuration is required for the vulnerable code path to be reachable by an attacker. The affected version is any build before 7110 [1].
Exploitation
An attacker can exploit this vulnerability by sending a maliciously crafted request to the target ADManager Plus server. No authentication is needed, and no user interaction is required. The attacker only needs network access to the vulnerable service [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the server. This provides full compromise of the application and underlying system, leading to complete loss of confidentiality, integrity, and availability [1].
Mitigation
Zoho released build 7110 to fix this vulnerability. Users should upgrade to ADManager Plus build 7110 or later. No other workarounds have been published. The CVE is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zoho/ManageEngine ADManager Plusdescription
- Range: <7110
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.manageengine.com/products/ad-manager/release-notes.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.