CVE-2026-11890

Summary

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

Affected Software

VendorProductVersion RangeStatus
DevolutionsDevolutions Server0 < 2026.2.5affected
DevolutionsDevolutions Server0 < 2026.1.21affected

Weaknesses

  • CWE-882: CWE-882

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References