CVE-2026-11890 | THREATINT

Description

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

PUBLISHED Reserved 2026-06-10 | Published 2026-06-16 | Updated 2026-06-16 | Assigner DEVOLUTIONS

Problem types

CWE-882

Product status

Default status

unaffected

Any version before 2026.2.5

affected

Any version before 2026.1.21

affected

References

devolutions.net/security/advisories/DEVO-2026-0017/

cve.org (CVE-2026-11890)

nvd.nist.gov (CVE-2026-11890)

Download JSON