Information Exposure in Devolutions Server Recovery Kit Feature
CVE-2026-15642
Currently unrated
What is CVE-2026-15642?
The Recovery Kit response file generation feature in Devolutions Server versions 2026.1.22.0 and 2026.2.11.0 presents a critical issue where sensitive information, specifically the Azure Key Vault client secret, can be inadvertently disclosed in cleartext. This occurs even if users have selected options intended to exclude sensitive data from being included in the generated response files. Attackers with access to these files can exploit this vulnerability to obtain critical supporting information that should be kept confidential.
Affected Version(s)
Server 0 < 2026.1.23
Server 0 < 2026.2.12
