CVE Catalog

CVE-2026-11890

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

Improper access control in PAM account discovery in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive account information, potentially leading to further attacks or security breaches.

Recommendation

It is recommended to review and enhance access control mechanisms in the application to prevent unauthorized access to scan results.

Original NVD description (English source)

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS