Improper Access Control in Devolutions Server Affects User Data Security
CVE-2026-12105
6.5MEDIUM
What is CVE-2026-12105?
An improper access control vulnerability exists in Devolutions Server versions 2026.2.5 and 2026.1.21, which allows authenticated users to gain unauthorized access to attachments through folder duplication that improperly inherits permissions. This flaw could potentially expose sensitive user data, leading to significant security risks if exploited. Organizations using these versions are advised to assess their security posture and apply the necessary mitigations as outlined in Devolutions' security advisory.
Affected Version(s)
Devolutions Server 0 < 2026.2.5
Devolutions Server 0 < 2026.1.21
