CVE-2026-12117
Vulnerability Description
Improper access control in the social login connection endpoint in
Devolutions Server 2026.2.5 allows an authenticated vault member to
enumerate social login entry metadata to which they are not authorized
via a crafted API request.
Devolutions Server 2026.2.5 allows an authenticated vault member to
enumerate social login entry metadata to which they are not authorized
via a crafted API request.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-200
Source
NVD
Vendor
Devolutions
Product
Devolutions Server
Discussion (0)
Add Comment
No comments yet. Be the first!