What is CVE-2026-10696?

CVE-2026-10696 is a high-severity vulnerability in Devolutions Unigetui, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 7.5/10. Published 2026-06-17.

How severe is CVE-2026-10696?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Devolutions Unigetui

CVE-2026-10696

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attack…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Devolutions Unigetui — versions 0

Weakness classification (CWE)

CWE-706 — Use of Incorrectly-Resolved Name or Reference

References

security@devolutions.net

Frequently asked questions

What is CVE-2026-10696?: CVE-2026-10696 is a high-severity vulnerability in Devolutions Unigetui, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 7.5/10. Published 2026-06-17.
How severe is CVE-2026-10696?: High severity. CVSS v3 base score is 7.5 out of 10.