CVE-2026-11890
Analyzed
Analyzed - Analysis Complete
Improper Access Control in Devolutions Server
Vulnerability report for CVE-2026-11890, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-16
Last updated on: 2026-06-18
Assigner: Devolutions Inc.
Description
Description
Improper access control in PAM account discovery results in Devolutions
Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve
account discovery scan results.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | devolutions_server | From 2026.2.4.0 (inc) to 2026.2.7.0 (exc) |
| devolutions | devolutions_server | to 2026.1.22.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-882 |