CVE Catalog

CVE-2026-12117

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.

Risk Assessment

The organization may be exposed to the disclosure of social login metadata information, potentially leading to further attacks or privacy breaches.

Recommendation

It is recommended to update to the latest version of Devolutions Server and implement appropriate access controls to prevent unauthorized access to metadata.

Original NVD description (English source)

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS