PatchSiren cyber security CVE debrief
CVE-2026-12162 Devolutions CVE debrief
CVE-2026-12162 is an improper host validation vulnerability in the social login autofill feature of Devolutions Remote Desktop Manager 2026.2.8. It lets an attacker obtain stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
- Vendor: Devolutions
- Product: Remote Desktop Manager
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Users of Devolutions Remote Desktop Manager 2026.2.8 should be aware of this vulnerability and apply the recommended defensive actions listed below.
Technical summary
The vulnerability is caused by improper host validation in the social login autofill feature. This allows an attacker to create a crafted web entry that points to a provider lookalike domain, potentially disclosing stored social login credentials.
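To illustrate the class of flaw described above, this added example (not Devolutions' code, and not taken from the advisory) contrasts a loose host check with an exact, normalized host match before autofill. The page does not describe the actual flawed check, so `weak_host_check` is an assumed illustration; the provider name, the allowlist and all URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: provider name -> exact login hosts (constructed values).
PROVIDER_HOSTS = {"exampleid": {"login.exampleid.test"}}

def weak_host_check(provider, url):
    """Assumed flawed check: provider host appears somewhere in the URL."""
    return any(h in url.lower() for h in PROVIDER_HOSTS.get(provider, ()))

def strict_host_check(provider, url):
    """Allow autofill only for https and an exact, normalized host match."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes userinfo and port, lowercased
        if parts.scheme != "https" or not host:
            return False
        # Normalize: drop a trailing dot, convert IDN labels to punycode.
        host = host.rstrip(".").encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return False
    return host in PROVIDER_HOSTS.get(provider, set())

def flag_unsafe_entries(provider, urls):
    """Return entry URLs a loose check would fill but the strict one rejects."""
    return [u for u in urls
            if weak_host_check(provider, u) and not strict_host_check(provider, u)]

# Constructed sample web entries (reserved .test/.example names).
SAMPLE_ENTRIES = [
    "https://login.exampleid.test/oauth",
    "https://LOGIN.exampleid.test:443/oauth",
    "https://login.exampleid.test.lookalike.example/oauth",
    "https://login.exampleid.test@lookalike.example/oauth",
    "https://lookalike.example/?next=login.exampleid.test",
    "http://login.exampleid.test/oauth",
]

if __name__ == "__main__":
    for url in flag_unsafe_entries("exampleid", SAMPLE_ENTRIES):
        print("review:", url)
```

The same comparison can be used to audit stored web entries: anything the strict check rejects for a provider should not receive that provider's credentials.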
Defensive priority
High
Recommended defensive actions
- Update Devolutions Remote Desktop Manager to the latest version.
- Use secure authentication methods.
- Monitor for suspicious activity.
Evidence notes
The CVE was published on 2026-06-16T01:16:23.937Z and has not been modified since then. The vendor is identified as Devolutions, based on evidence from reference_domain_candidate.
Official resources
- CVE-2026-12162 CVE record (CVE.org)
- CVE-2026-12162 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-12162 was published on 2026-06-16T01:16:23.937Z.