Improper Access Control in Devolutions Server Affects User Data Security
CVE-2026-12105

6.5MEDIUM

Key Information:

Vendor
CVE Published:
16 June 2026

What is CVE-2026-12105?

An improper access control vulnerability exists in Devolutions Server versions 2026.2.5 and 2026.1.21, which allows authenticated users to gain unauthorized access to attachments through folder duplication that improperly inherits permissions. This flaw could potentially expose sensitive user data, leading to significant security risks if exploited. Organizations using these versions are advised to assess their security posture and apply the necessary mitigations as outlined in Devolutions' security advisory.

Affected Version(s)

Devolutions Server 0 < 2026.2.5

Devolutions Server 0 < 2026.1.21

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.