Devolutions Remote Desktop Manager <= 2025.3.30 Sensitive Information Exposure (DEVO-2026-0005)

medium Nessus Plugin ID 301676

Synopsis

The Devolutions Remote Desktop Manager instance installed on the remote host is affected by a sensitive information exposure vulnerability.

Description

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.3.30 or earlier. It is, therefore, affected by a sensitive information exposure vulnerability:

- Improper enforcement of the "Disable password saving in vaults" setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled. (CVE-2026-2590)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Devolutions Remote Desktop Manager version 2026.1 or later.

See Also

https://devolutions.net/security/advisories/DEVO-2026-0005/

Plugin Details

Severity: Medium

ID: 301676

File Name: devolutions_remote_desktop_manager_DEVO-2026-0005.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 3/10/2026

Updated: 3/10/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2026-2590

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:devolutions:remote_desktop_manager

Required KB Items: installed_sw/Devolutions Remote Desktop Manager

Patch Publication Date: 3/3/2026

Vulnerability Publication Date: 3/3/2026

Reference Information

CVE: CVE-2026-2590