CVE Catalog

CVE-2026-10544

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.

Risk Assessment

This issue poses a serious security risk as it may lead to unauthorized access and potential takeover of systems.

Recommendation

It is recommended to update Devolutions Server to the latest version to mitigate this vulnerability and restrict vault access to trusted users.

Original NVD description (English source)

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : * Devolutions Server 2026.2.4.0 * Devolutions Server 2026.1.20.0 and earlier

Vulnerability data from NVD (NIST) · CISA KEV · EPSS