Vulnerability Details CVE-2026-12117
Improper access control in the social login connection endpoint in
Devolutions Server 2026.2.5 allows an authenticated vault member to
enumerate social login entry metadata to which they are not authorized
via a crafted API request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 7.7%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-12117
-
cpe:2.3:a:devolutions:devolutions_server:2026.2.4.0
-
cpe:2.3:a:devolutions:devolutions_server:2026.2.5.0