CVE-2026-12117

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-12117

Affected Products

Devolutions Server

CVE-2026-12117

Weakness Enumeration

Related Identifiers

Affected Products

References · 2