CVE-2026-10544
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : * Devolutions Server 2026.2.4.0 * Devolutions Server 2026.1.20.0 and earlier
| CWE | CWE-78 |
| Vendor | devolutions |
| Product | server |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for devolutions server
Be the first to know when new medium vulnerabilities affecting devolutions server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Devolutions / Server
2026.2.4.0 0 โค 2026.1.20.0