QSearchQSearch

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-200

Description

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-12320 Information disclosure in the Password Manager component (4.3 MEDIUM)
  • CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
  • CVE-2026-50870 An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
  • CVE-2026-39007 An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)
  • CVE-2026-8385 The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its d... (5.3 MEDIUM)