CVE Catalog

CVE-2026-12161

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials.

Risk Assessment

This vulnerability may lead to unauthorized access to remote systems, posing a serious security threat to the organization.

Recommendation

It is recommended to update to the latest version of Devolutions Remote Desktop Manager and review the permissions of users with access to the SSH Elevate Shell feature.

Original NVD description (English source)

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS