QSearchQSearch

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user ...

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-78

Description

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-48723 The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack (7.8 HIGH)
  • CVE-2026-9863 Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client in... (7.5 HIGH)
  • CVE-2026-9862 Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service (9.8 CRITICAL)
  • CVE-2026-11527 Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument... (8.6 HIGH)
  • CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle (9.8 CRITICAL)