CVE-2026-10787

The CVE-2026-10787 entry concerns Devolutions Server (versions 2026.2.4.0 and 2026.1.20.0 and earlier) where missing authorization in the deleted user groups API allows an authenticated, low-privileged user to enumerate metadata of deleted user groups via a crafted API request. The issue targets ...

CVE-2026-10786

CVE-2026-10786 affects Devolutions Server 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is improper access control in the ticketing integration settings that allows an authenticated low-privilege user to obtain cleartext credentials for configured ticketing integrations via a crafted API requ...

CVE-2026-10544

This CVE (CVE-2026-10544) affects Devolutions Server, specifically versions 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is described as improper neutralization of special elements in the built-in PAM provider password rotation templates, allowing an authenticated user with write access to a...

CVE-2026-11890

The CVE-2026-11890 entry concerns Devolutions Server versions 2026.1.21 and 2026.2.5, where improper access control in PAM account discovery allows an authenticated user to retrieve account discovery scan results. The connected documents confirm affected software and the root cause (in PAM accoun...

CVE-2026-12105

CVE-2026-12105 affects Devolutions Server in versions 2026.2.5 and 2026.1.21. The root cause is improper access control that allows an authenticated user to access attachments via folder duplication with inherited permissions. The documented impact is confidential data exposure (high) with a CVSS...

CVE-2026-12117

CVE-2026-12117 affects Devolutions Server 2026.2.5: improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata they are not authorized to access via a crafted API request. CVSSv3.1 base score is 4.3 (Medium). The p...