Executive Summary

CVE-2026-12162 is a vulnerability in Devolutions Remote Desktop Manager version 2026.2.8 involving improper host validation in the social login autofill feature.

An attacker can exploit this vulnerability by creating a crafted web entry that points to a provider lookalike domain, which tricks the system into disclosing stored social login credentials.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to the disclosure of your stored social login credentials if an attacker successfully uses a crafted web entry pointing to a lookalike domain.

Such credential disclosure could allow unauthorized access to your social login accounts, potentially compromising your security and privacy.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Devolutions Remote Desktop Manager to version 2026.2.9.0 or higher.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows an attacker to disclose stored social login credentials by exploiting improper host validation. This could potentially lead to unauthorized access to personal or sensitive information.

Such unauthorized disclosure of credentials may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding user credentials and personal data against unauthorized access.

However, the provided information does not explicitly state the direct impact on compliance with these standards.

Useful 0 Not Useful 0