CVE-2026-15637
N/A
N/A
Summary
Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Devolutions | Server | 0 < 2026.1.23 | affected |
| Devolutions | Server | 0 < 2026.2.12 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization bypass through User-Controlled key
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.