VYPR
Advisory · Published Jun 17, 2026 · Updated Jun 22, 2026 · 1 source

Devolutions: Six CVEs Across Server, RDM, and UniGetUI Disclosed Together

Key findings

  • Three improper-access-control CVEs in Devolutions Server affect versions 2026.2.5 and 2026.1.21; no patch yet
  • CVE-2026-12161 (CVSS 8.8) lets authenticated RDM users execute arbitrary commands via SSH Elevate Shell
  • CVE-2026-12162 discloses stored social login credentials via a lookalike domain in RDM autofill
  • CVE-2026-10696 enables supply-chain confusion in UniGetUI via the WinGet catalog
  • All six CVEs require prior authentication except the UniGetUI catalog-contributor vector

On June 16–17, 2026, Devolutions disclosed six vulnerabilities spanning its flagship privileged access management (PAM) platform, Devolutions Server, and its companion remote-access tool, Remote Desktop Manager (RDM). The batch includes three improper-access-control bugs in Devolutions Server, a high-severity command-injection flaw in RDM's SSH Elevate Shell feature, a credential-disclosure issue in RDM's social login autofill, and a supply-chain style attack vector in the UniGetUI package manager backend. Together, the disclosures highlight a recurring theme: authenticated users — or, in one case, a malicious catalog contributor — can reach data or execution paths they should not be able to touch.

Three of the six CVEs affect Devolutions Server. CVE-2026-12117 (improper access control in the social login connection endpoint) allows an authenticated vault member to enumerate social-login entry metadata they are not authorized to see via a crafted API request. CVE-2026-12105 lets an authenticated user bypass folder ACLs by duplicating folders with inherited permissions, thereby gaining access to attachments that should remain restricted. CVE-2026-11890 exposes PAM account discovery scan results to any authenticated user, leaking the output of discovery scans that are normally scoped to privileged roles. All three affect Devolutions Server versions 2026.2.5 and 2026.1.21. As of the disclosure date, no patch had been released.

Two vulnerabilities reside in Devolutions Remote Desktop Manager. CVE-2026-12161 (CVSS 8.8, High) is an improper-input-validation bug in the SSH Elevate Shell feature. An authenticated user with permission to create or modify a shared SSH entry can execute arbitrary commands on a remote SSH host using stored elevation credentials — by crafting an alternate username and using the elevation shell in a way the input validation was not designed to block. CVE-2026-12162 (CVSS 5.5, Medium) is an improper-host-validation flaw in the social login autofill feature. An attacker can craft a web entry that points to a provider lookalike domain; when a victim uses autofill, stored social login credentials are disclosed to the attacker-controlled domain.
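The CVE-2026-12162 entry above describes the flaw only as improper host validation against a provider lookalike domain. The following is an added illustration, not Devolutions' code and not a description of RDM's actual matcher: it contrasts a loose host check of the kind that lets lookalike domains through with a strict allowlist check that normalises the hostname before an exact comparison. The provider hostnames, the allowlist, and the sample web-entry URLs are all constructed for this example.

```python
"""Loose vs strict host validation before releasing stored credentials.

Illustrative example (not Devolutions' implementation). PROVIDER_HOSTS and
the SAMPLE_ENTRIES below are constructed values.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist: the exact hosts a social-login provider uses.
PROVIDER_HOSTS = frozenset({
    "accounts.example-provider.com",
    "login.example-provider.com",
})


def loose_matches_provider(url: str) -> bool:
    """Weak check: the provider name merely appears somewhere in the URL.

    Accepts suffix lookalikes (provider.com.evil.example), hyphenated
    registrations and userinfo tricks (provider.com@evil.example).
    """
    return "example-provider.com" in url.lower()


def normalised_host(url: str) -> Optional[str]:
    """Return the lower-cased, IDNA-encoded hostname of an https URL.

    Returns None for non-https entries, URLs without a host, or hosts that
    cannot be IDNA-encoded, so callers fail closed.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")          # drop a trailing root dot
    try:
        # Homoglyph labels become xn-- punycode and will not match ASCII allowlist entries.
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    return host


def strict_matches_provider(url: str) -> bool:
    """Strict check: exact membership of the normalised host in the allowlist."""
    return normalised_host(url) in PROVIDER_HOSTS


def evaluate(urls):
    """Map each URL to (loose_result, strict_result) for side-by-side review."""
    return {u: (loose_matches_provider(u), strict_matches_provider(u)) for u in urls}


# Constructed web-entry URLs: one genuine provider host and several lookalikes.
SAMPLE_ENTRIES = [
    "https://accounts.example-provider.com/signin",                  # genuine
    "https://accounts.example-provider.com.evil.example/signin",     # suffix lookalike
    "https://accounts-example-provider.com/signin",                  # hyphen instead of dot
    "https://accounts.example-provider.com@evil.example/signin",     # userinfo trick
    "http://accounts.example-provider.com/signin",                   # plaintext scheme
    "https://accounts.examplе-provider.com/signin",                  # Cyrillic 'е' homoglyph
]

if __name__ == "__main__":
    for url, (loose, strict) in evaluate(SAMPLE_ENTRIES).items():
        print(f"loose={loose!s:5}  strict={strict!s:5}  {url}")
```

Only the first entry passes the strict check; the loose check additionally accepts the suffix, hyphen and userinfo variants, which is exactly the class of mismatch that would hand an autofilled credential to a host the user never registered with. The homoglyph entry happens to fail the loose check too, because the Cyrillic letter breaks the substring, but the strict path rejects it deliberately rather than by accident.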

The sixth CVE, CVE-2026-10696, targets Devolutions UniGetUI (version 2026.2.0 and earlier). The bug is a use-of-incorrectly-resolved-name-or-reference in the WinGet backend. A WinGet community catalog contributor can cause an installed application to be correlated to an unrelated, attacker-controlled catalog package, and then execute an attacker-controlled installer. This is effectively a supply-chain confusion attack: a malicious package maintainer can hijack the identity of a legitimate installed app to push a trojaned update.

Devolutions has not yet shipped patches for any of the six CVEs. Users of Devolutions Server 2026.2.5 and 2026.1.21 should monitor the vendor's advisory feed for a fix; the three Server bugs all require prior authentication, which limits the attack surface to internal or trusted users. For RDM, once available, upgrade to a release later than 2026.2.8 (for the social login issue) and later than 2026.2.7 (for the SSH elevation issue). UniGetUI users should restrict catalog sources to trusted repositories until a patched release arrives.

This batch underscores a pattern across Devolutions' product line: access-control boundaries that hold under normal use can be bypassed through crafted API calls, folder duplication, or input-manipulation tricks. While none of the six CVEs are known to be exploited in the wild as of publication, the high severity of CVE-2026-12161 and the supply-chain nature of CVE-2026-10696 make them priority items for defenders. Organizations running Devolutions Server or RDM in production should treat this disclosure as a prompt to review their patch cadence and to audit which users hold permissions to create or modify shared SSH entries.

Synthesized by Vypr AI