PT-2026-22827 · Devolutions · Devolutions Remote Desktop Manager
Published
2026-03-03
·
Updated
2026-05-10
·
CVE-2026-2590
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Devolutions Remote Desktop Manager versions 2025.3.30 and earlier
Description
An issue exists in the connection entry component of the software where the 'Disable password saving in vaults' setting is not properly enforced. This allows an authenticated user to persist credentials in vault entries when password saving is disabled. This could potentially expose sensitive information to other users by creating or editing specific connection types.
Recommendations
Versions prior to 2025.3.30 should be updated.
Fix
RCE
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Devolutions Remote Desktop Manager