CVE-2026-12117
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.
Risk Assessment
The organization may be exposed to the disclosure of social login metadata information, potentially leading to further attacks or privacy breaches.
Recommendation
It is recommended to update to the latest version of Devolutions Server and implement appropriate access controls to prevent unauthorized access to metadata.
Original NVD description (English source)
Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

