CVE-2026-2590

Critical CVSS: 9.8

Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentially exposing sensitive information to other users, by creating
or editing certain connection types while password saving is disabled.

Vendor

Devolutions

Product

Remote Desktop Manager

CWE

CWE-20

Yayın Tarihi

2026-03-03 22:16:29

Güncelleme

2026-03-05 15:01:54

Source Identifier

security@devolutions.net

KEV Date Added

Kategoriler

CWE-20 Remote Desktop Manager CRITICAL Devolutions 2026

Referanslar

https://devolutions.net/security/advisories/DEVO-2026-0005

Benzer Kayıtlar

Medium

CVE-2026-5175

Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenti…

High

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote att…

Medium

CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an…

High

CVE-2026-4924

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier all…

Medium

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administra…

Medium

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privi…