CVE-2026-13372
Status: Undergoing Analysis - In Progress
Incorrect Link Resolution in Devolutions Remote Desktop Manager PowerShell VPN Editor

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Devolutions Inc.

Description
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name collision with an existing VPN script link.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-27
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: devolutions
Product: remote_desktop_manager
Version / Range: From 2026.2.5 (inc) to 2026.2.11 (inc)
CWE
CWE ID: CWE-706
Description: The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-13372 is a vulnerability in Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 involving incorrect link resolution by display name in the custom PowerShell VPN editor.

An authenticated attacker who has write access to a shared workspace can exploit this flaw by creating a display name collision with an existing VPN script link, which allows them to execute a PowerShell script in another user's context.

Impact Analysis

This vulnerability can impact you by allowing an attacker to execute PowerShell scripts in the context of another user, potentially compromising confidentiality, integrity, and availability of your system.

Since the attacker needs authenticated write access to a shared workspace, the risk is limited to environments where such access is granted, but exploitation can lead to unauthorized actions and potential system compromise.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Devolutions Remote Desktop Manager to version 2026.2.12.0 or higher.
