CVE-2026-13372
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name collision with an existing VPN script link.
| CWE | CWE-706 |
| Vendor | devolutions |
| Product | remote desktop manager |
| Published | Jun 26, 2026 |
| Last Updated | Jun 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for devolutions remote desktop manager
Be the first to know when new high vulnerabilities affecting devolutions remote desktop manager are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Devolutions / Remote Desktop Manager
2026.2.5 < 2026.2.11