Arbitrary Command Execution Vulnerability in Devolutions Server by Devolutions
CVE-2026-10544

6.5MEDIUM

Key Information:

Status
Vendor
CVE Published:
8 June 2026

What is CVE-2026-10544?

A vulnerability exists in Devolutions Server stemming from improper neutralization in the PAM provider's password rotation templates. An authenticated user with write access to a vault could exploit this issue to execute arbitrary commands on the managed systems, potentially leading to unauthorized access and compromising system integrity.

Affected Version(s)

Server 2026.2.4.0

Server 0 <= 2026.1.20.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.