CVE-2026-2590
Modified Modified - Updated After Analysis
Improper Access Control in Devolutions RDM Vaults Allows Credential Persistence

Publication date: 2026-03-03

Last updated on: 2026-05-10

Assigner: Devolutions Inc.

Description
Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-05-10
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2590
EUVD
EUVD-2026-9331
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
devolutions remote_desktop_manager to 2025.3.30.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper enforcement of the 'Disable password saving in vaults' setting in the connection entry component of Devolutions Remote Desktop Manager version 2025.3.30 and earlier.

An authenticated user can bypass this setting and persist credentials in vault entries by creating or editing certain connection types, even when password saving is supposed to be disabled.

This means that passwords can be saved unintentionally, potentially exposing sensitive information.

Impact Analysis

The vulnerability can allow an authenticated user to save credentials in vault entries despite the setting to disable password saving.

This could lead to sensitive information, such as passwords, being exposed to other users who have access to the vault entries.

As a result, unauthorized users might gain access to credentials they should not have, increasing the risk of unauthorized access to systems.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2590. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart