Improper Input Validation in Devolutions Remote Desktop Manager
CVE-2026-12161

8.8HIGH

Key Information:

Vendor
CVE Published:
15 June 2026

What is CVE-2026-12161?

The SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 contains an improper input validation flaw. This vulnerability allows an authenticated user with sufficient permissions to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host. This can be accomplished by leveraging stored elevation credentials along with a crafted alternate username, and requires user interaction with the Elevate Shell action to exploit. This opens up significant security risks, emphasizing the importance of rigorous input validation measures.

Affected Version(s)

Remote Desktop Manager 0 <= 2026.2.7

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.