PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12755 Devolutions CVE debrief

CVE-2026-12755 is a low-severity vulnerability in Devolutions Server versions 2026.2.4.0 through 2026.2.7.0. The issue lies in the PAM AD discovery endpoints, where improper input validation allows an authenticated user holding the UserGroupsView permission to coerce the server into authenticating to a host of the user's choosing by supplying a crafted DomainName parameter. The server's PAM provider credentials are thereby exposed as an NTLMv2 challenge-response. The vulnerability carries a CVSS score of 2.7 (low severity).

Vendor: Devolutions
Product: Server
CVSS: LOW 2.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-25
Original CVE updated: 2026-06-29
Advisory published: 2026-06-25
Advisory updated: 2026-06-29

Who should care

Administrators and security teams responsible for Devolutions Server installations should be aware of this vulnerability. Installations where the UserGroupsView permission is granted broadly are at greater risk, because any authenticated user holding that permission can trigger the issue. Additionally, security professionals monitoring for credential exposure and lateral movement within PAM environments should prioritize this issue.

Technical summary

The vulnerability exists in the PAM AD discovery endpoints of Devolutions Server. An authenticated user with UserGroupsView permission can manipulate the DomainName parameter to coerce server-side authentication to an attacker-controlled host. This results in the exposure of PAM provider credentials through an NTLMv2 challenge-response. The issue is due to improper input validation and has been assigned a CVSS score of 2.7, indicating low severity.

Defensive priority

Given the low severity and specific conditions required for exploitation, this vulnerability is not a high-priority issue. However, it should be addressed in the context of regular security updates and patch management for Devolutions Server.

Recommended defensive actions

  • Apply the vendor-provided patch (DEVO-2026-0020) to update Devolutions Server to a version beyond 2026.2.7.0.
  • Restrict UserGroupsView permissions to only necessary personnel.
  • Monitor authentication logs for unusual activity related to PAM AD discovery endpoints.
  • Implement additional monitoring for potential credential exposure and lateral movement within PAM environments.
  • Review and update incident response plans to include potential credential coercion scenarios.
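The two checks below are an added example written for this debrief; they are not code from PatchSiren or Devolutions. The first tells an administrator whether a Devolutions Server version string falls inside the affected range the debrief states (2026.2.4.0 through 2026.2.7.0). The second implements the log-monitoring action above: it scans web-request log lines for PAM AD discovery requests whose DomainName parameter names something other than one of the AD domains the server is expected to talk to. The log line format, the endpoint path fragment `/pam/ad/discovery`, and the assumption that DomainName appears in the query string are all constructed placeholders to be replaced with the real values from your own server logs.

```python
"""Defender-side checks for CVE-2026-12755 (added example, not vendor code)."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Affected range as stated in the debrief (inclusive on both ends).
AFFECTED_MIN = (2026, 2, 4, 0)
AFFECTED_MAX = (2026, 2, 7, 0)


def parse_version(v: str) -> tuple:
    """Turn '2026.2.5' or '2026.2.5.0' into a comparable 4-tuple of ints."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    t = tuple(int(p) for p in parts)
    return t + (0,) * (4 - len(t))  # pad short versions with zeros


def is_affected_version(v: str) -> bool:
    """True if the installed version lies inside the affected range."""
    return AFFECTED_MIN <= parse_version(v) <= AFFECTED_MAX


# Constructed log format: "<timestamp> <user> <method> <path?query> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>GET|POST) (?P<url>\S+) (?P<status>\d{3})$"
)

# Hypothetical path fragment for the PAM AD discovery endpoints; substitute the real one.
DISCOVERY_PATH_HINT = "/pam/ad/discovery"


def domainname_is_trusted(value: str, trusted_domains: set) -> bool:
    """A DomainName is trusted only if it exactly matches an expected AD domain.

    IP literals are never trusted: an AD domain name should be a DNS name, so an
    address in this parameter is the signature of a redirection attempt.
    """
    v = value.strip().lower().rstrip(".")
    if not v:
        return False
    try:
        ipaddress.ip_address(v.strip("[]"))
        return False
    except ValueError:
        pass
    return v in trusted_domains


def find_suspicious_domainname(lines, trusted_domains) -> list:
    """Return one finding per discovery request whose DomainName is not trusted."""
    trusted = {d.lower().rstrip(".") for d in trusted_domains}
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        parts = urlsplit(m.group("url"))
        if DISCOVERY_PATH_HINT not in parts.path.lower():
            continue  # only discovery endpoints carry the DomainName parameter
        # Assumption: the parameter is in the query string (POST bodies are not logged here).
        for dn in parse_qs(parts.query).get("DomainName", []):
            if not domainname_is_trusted(dn, trusted):
                findings.append({"ts": m.group("ts"), "user": m.group("user"), "domainname": dn})
    return findings


# Constructed sample data: one legitimate lookup, two that point elsewhere, one unrelated request.
TRUSTED_DOMAINS = {"corp.example.local"}
SAMPLE_LOG = [
    "2026-06-26T10:00:01Z alice GET /api/pam/ad/discovery/users?DomainName=corp.example.local 200",
    "2026-06-26T10:00:05Z bob GET /api/pam/ad/discovery/groups?DomainName=203.0.113.7 200",
    "2026-06-26T10:00:09Z bob GET /api/pam/ad/discovery/groups?DomainName=unknown-host.example.net 200",
    "2026-06-26T10:01:00Z carol GET /api/dashboard 200",
]

if __name__ == "__main__":
    for ver in ("2026.2.3.0", "2026.2.5", "2026.2.7.0", "2026.2.8.0"):
        print(ver, "affected" if is_affected_version(ver) else "not affected")
    for f in find_suspicious_domainname(SAMPLE_LOG, TRUSTED_DOMAINS):
        print("suspicious DomainName:", f)
```

The allowlist approach is deliberate: rather than trying to recognise hostile values, the check treats any DomainName that is not one of the known AD domains as worth a look, which also surfaces typos and misconfigured clients. Alerts from a single user repeatedly supplying non-domain values are the pattern to correlate with the UserGroupsView permission review above.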

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. The vendor advisory (DEVO-2026-0020) offers mitigation and patch information. The vulnerability's low severity and specific exploitation conditions suggest that immediate action may not be critical, but it should be addressed in the context of regular security updates.

Official resources

This article was generated with AI assistance based on the supplied source corpus.