CVE 8.8 HIGH

CVE-2026-12161_CVE-2026-12161

June 16, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Improper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
with permission to create or modify a shared SSH entry to execute
arbitrary commands on a remote SSH host using stored elevation
credentials via a crafted alternate username and user interaction with
the Elevate Shell action.

AI Analysis

Improper input validation in the SSH Elevate Shell feature allows an authenticated user to execute arbitrary commands on a remote SSH host

Basic Information

ID CVE-2026-12161

Source DEVOLUTIONS

Published Jun 15, 2026 at 23:55

Modified Jun 16, 2026 at 15:00

Affected Product

Vendor Devolutions

Product Remote Desktop Manager

Version 2026.2.7

Affected Versions Devolutions Remote Desktop Manager 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Devolutions

Product Remote Desktop Manager

Version 2026.2.7

References

devolutions.net /security/advisories/DEVO-2026-0018/

{
    "lastseen": "",
    "description": "Improper input validation in the SSH Elevate Shell feature in \nDevolutions Remote Desktop Manager 2026.2.7 allows an authenticated user\n with permission to create or modify a shared SSH entry to execute \narbitrary commands on a remote SSH host using stored elevation \ncredentials via a crafted alternate username and user interaction with \nthe Elevate Shell action.",
    "published": "2026-06-15T23:55:24.745Z",
    "modified": "2026-06-16T15:00:25.327Z",
    "type": "cve",
    "title": "CVE-2026-12161",
    "source": "DEVOLUTIONS",
    "references": "https://devolutions.net/security/advisories/DEVO-2026-0018/",
    "id": "CVE-2026-12161",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Devolutions Remote Desktop Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Remote Desktop Manager",
    "version": "2026.2.7",
    "vendor": "Devolutions",
    "ai_description": "Improper input validation in the SSH Elevate Shell feature allows an authenticated user to execute arbitrary commands on a remote SSH host",
    "ai_severity": "High",
    "ai_vendor": "Devolutions",
    "ai_product": "Remote Desktop Manager",
    "ai_version": "2026.2.7",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply