CVE-2026-12161
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials.
Risk Assessment
This vulnerability may lead to unauthorized access to remote systems, posing a serious security threat to the organization.
Recommendation
It is recommended to update to the latest version of Devolutions Remote Desktop Manager and review the permissions of users with access to the SSH Elevate Shell feature.
Original NVD description (English source)
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

