Improper Input Validation in Devolutions Remote Desktop Manager
CVE-2026-12161
8.8HIGH
What is CVE-2026-12161?
The SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 contains an improper input validation flaw. This vulnerability allows an authenticated user with sufficient permissions to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host. This can be accomplished by leveraging stored elevation credentials along with a crafted alternate username, and requires user interaction with the Elevate Shell action to exploit. This opens up significant security risks, emphasizing the importance of rigorous input validation measures.
Affected Version(s)
Remote Desktop Manager 0 <= 2026.2.7
