CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name collision with an existing VPN script link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 19.5%

CVSS Severity

CVSS v3 Score 7.2

References

https://devolutions.net/security/advisories/DEVO-2026-0021/

Products affected by CVE-2026-13372

Devolutions » Remote Desktop Manager » Version: 2026.2.11.0

cpe:2.3:a:devolutions:remote_desktop_manager:2026.2.11.0
Devolutions » Remote Desktop Manager » Version: 2026.2.12.0

cpe:2.3:a:devolutions:remote_desktop_manager:2026.2.12.0
Devolutions » Remote Desktop Manager » Version: 2026.2.5.0

cpe:2.3:a:devolutions:remote_desktop_manager:2026.2.5.0
Devolutions » Remote Desktop Manager » Version: 2026.2.7.0

cpe:2.3:a:devolutions:remote_desktop_manager:2026.2.7.0
Devolutions » Remote Desktop Manager » Version: 2026.2.8.0

cpe:2.3:a:devolutions:remote_desktop_manager:2026.2.8.0
Devolutions » Remote Desktop Manager » Version: 2026.2.9.0

cpe:2.3:a:devolutions:remote_desktop_manager:2026.2.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-13372

Products

Pricing

Contact Us