CVE-2026-10544
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.
Risk Assessment
This issue poses a serious security risk as it may lead to unauthorized access and potential takeover of systems.
Recommendation
It is recommended to update Devolutions Server to the latest version to mitigate this vulnerability and restrict vault access to trusted users.
Original NVD description (English source)
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : * Devolutions Server 2026.2.4.0 * Devolutions Server 2026.1.20.0 and earlier

