CVE Catalog
CVE-2026-11890
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
Improper access control in PAM account discovery in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to retrieve account discovery scan results.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive account information, potentially leading to further attacks or security breaches.
Recommendation
It is recommended to review and enhance access control mechanisms in the application to prevent unauthorized access to scan results.
Original NVD description (English source)
Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

