CVE Catalog

CVE-2026-2590

Critical
Published: Translated: NVD NIST

Summary

In Devolutions Remote Desktop Manager 2025.3.30 and earlier, there is improper enforcement of the Disable password saving in vaults setting. This allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users.

Risk Assessment

The organization may be at risk of exposing sensitive credential data, which could lead to unauthorized access to systems and data.

Recommendation

It is recommended to update Devolutions Remote Desktop Manager to the latest version to mitigate this vulnerability and review security settings related to password storage.

Original NVD description (English source)

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS