Security Vulnerabilities
Improper access control in PAM account discovery results in Devolutions
Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve
account discovery scan results.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows
an authenticated user to access attachments via folder duplication with
inherited permissions.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-06-16
Improper access control in the social login connection endpoint in
Devolutions Server 2026.2.5 allows an authenticated vault member to
enumerate social login entry metadata to which they are not authorized
via a crafted API request.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-06-16
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-06-16
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
3.3
EPSS Score
0.001
Published
2026-06-16
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-06-16
In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-06-16