CVE Catalog
CVE-2026-12105
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.20%
10th percentile — higher than 10% of all known CVEs
Summary
Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive data, potentially leading to information leaks or privacy violations.
Recommendation
It is recommended to review and adjust access permissions for folders and to update to the latest version of the software to minimize risk.
Original NVD description (English source)
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

