CVE Catalog

CVE-2026-12105

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data, potentially leading to information leaks or privacy violations.

Recommendation

It is recommended to review and adjust access permissions for folders and to update to the latest version of the software to minimize risk.

Original NVD description (English source)

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS