CVE-2026-12161 | THREATINT

Description

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

PUBLISHED Reserved 2026-06-12 | Published 2026-06-15 | Updated 2026-06-16 | Assigner DEVOLUTIONS

Problem types

CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

Product status

Default status

unaffected

Any version

affected

References

devolutions.net/security/advisories/DEVO-2026-0018/

cve.org (CVE-2026-12161)

nvd.nist.gov (CVE-2026-12161)

Download JSON