Improper Enforcement in Devolutions Remote Desktop Manager
CVE-2026-2590

9.8CRITICAL

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 3 March 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-2590?

The vulnerability in Devolutions Remote Desktop Manager arises from the improper enforcement of the Disable password saving setting within the connection entry component. This flaw allows an authenticated user to save credentials to vault entries even when password saving is disabled. By manipulating connection types, users may inadvertently expose sensitive information to others, leading to unauthorized access and potential data breaches.

Affected Version(s)

Remote Desktop Manager 0 <= 2025.3.30

References

https://devolutions.net/security/advisories/DEVO-2026-0005

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Feb 16, 2026

CVE-2026-2590 Data

JSON