Detections
Analytics

Devolutions Remote Desktop Manager <= 2026.2.8 Improper Host Validation (DEVO-2026-0018)(CVE-2026-12162)

low Nessus Plugin ID 321521

Synopsis

The Devolutions Remote Desktop Manager instance installed on the remote host is affected by an improper host validation vulnerability.

Description

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.8 or earlier. It is, therefore, affected by an improper host validation vulnerability:

 - Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain. (CVE-2026-12162)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Devolutions Remote Desktop Manager version 2026.2.9 or later.

See Also

https://devolutions.net/security/advisories/DEVO-2026-0018/

Plugin Details

Severity: Low

ID: 321521

File Name: devolutions_remote_desktop_manager_CVE-2026-12162.nasl

Version: 1.1

Type: Local

Agent: windows

Family: Windows

Published: 6/18/2026

Updated: 6/18/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CVSS v4

Risk Factor: Low

Base Score: 2

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:devolutions:remote_desktop_manager

Required KB Items: installed_sw/Devolutions Remote Desktop Manager

Patch Publication Date: 6/12/2026

Vulnerability Publication Date: 6/12/2026

Reference Information

CVE: CVE-2026-12162

IAVB: 2026-B-0155