Back to CVE List

CVE-2026-15637

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

Improper authorization in the PAM SSH key and certificate retrieval
endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an
authenticated low-privileged user to disclose the private key of an SSH
key or certificate PAM credential via a direct object reference to the
credential identifier.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-639
Source
NVD
Vendor
Devolutions
Product
Server

External References

Discussion (0)

Add Comment

No comments yet. Be the first!