Information disclosure in Devolutions Server
CVE-2026-12117
Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.
Vulnerability class: Information Disclosure
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Devolutions Server — versions 2026.2.0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-12117?
- CVE-2026-12117 is a medium-severity vulnerability in Devolutions Server, classified under Information Disclosure. CVSS score: 4.3/10. Published 2026-06-16.
- How severe is CVE-2026-12117?
- Medium severity. CVSS v3 base score is 4.3 out of 10.