CVE-2026-12162 | THREATINT

Description

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.

PUBLISHED Reserved 2026-06-12 | Published 2026-06-15 | Updated 2026-06-16 | Assigner DEVOLUTIONS

Product status

Default status

unaffected

2026.2.0 (custom)

affected

References

devolutions.net/security/advisories/DEVO-2026-0018/

cve.org (CVE-2026-12162)

nvd.nist.gov (CVE-2026-12162)

Download JSON