๐Ÿ” CVE Alert

CVE-2026-12117

UNKNOWN 0.0
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

CWE CWE-200
Vendor devolutions
Product devolutions server
Published Jun 16, 2026
Stay Ahead of the Next One

Get instant alerts for devolutions devolutions server

Be the first to know when new unknown vulnerabilities affecting devolutions devolutions server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Devolutions / Devolutions Server
2026.2.0 < 2026.2.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0017/