PatchSiren cyber security CVE debrief
CVE-2026-13372 Devolutions CVE debrief
CVE-2026-13372 is a high-severity vulnerability in Devolutions Remote Desktop Manager, affecting versions 2026.2.5 through 2026.2.11. An authenticated attacker with write access to a shared workspace can execute a PowerShell script in another user's context due to incorrect link resolution by display name in the custom PowerShell VPN editor. This issue arises from a display name collision with an existing VPN script link. The vulnerability has a CVSS score of 7.2 and is classified as HIGH.
- Vendor: Devolutions
- Product: Remote Desktop Manager
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-26
- Original CVE updated: 2026-06-29
- Advisory published: 2026-06-26
- Advisory updated: 2026-06-29
Who should care
Administrators and users of Devolutions Remote Desktop Manager, especially those with shared workspaces, should be aware of this vulnerability. Authenticated attackers with write access could exploit this issue to execute PowerShell scripts in other users' contexts, potentially leading to unauthorized actions within the application.
Technical summary
The vulnerability is caused by the custom PowerShell VPN editor's incorrect handling of display names for VPN script links. When a user with write access to a shared workspace creates a VPN script link with a display name that collides with an existing link, the editor incorrectly resolves the link. This allows an attacker to execute a PowerShell script in the context of another user who has accessed the shared workspace. The issue is addressed in version 2026.2.12 of Remote Desktop Manager.
Defensive priority
Prioritize updating Devolutions Remote Desktop Manager to version 2026.2.12 or later. Until the update is applied, restricting write access to shared workspaces and closely monitoring VPN script link creations and modifications can help mitigate the risk.
Recommended defensive actions
- Update Devolutions Remote Desktop Manager to version 2026.2.12 or later.
- Restrict write access to shared workspaces to trusted users.
- Monitor VPN script link creations and modifications for suspicious activity.
- Implement additional logging and auditing for PowerShell script executions.
- Consider using alternative VPN editors or workarounds until the update is applied.
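The first and third actions above can be triaged together. The following is an added example, not Devolutions code and not part of the original advisory: it checks installed versions against the affected range and flags VPN script links that share a display name within a workspace. The inventory rows, their field names and the name normalization are assumptions made for illustration.

```python
from collections import defaultdict

# Affected range stated in the advisory: 2026.2.5 through 2026.2.11 (fixed in 2026.2.12).
AFFECTED_MIN, AFFECTED_MAX = (2026, 2, 5), (2026, 2, 11)

def parse_version(text):
    """'2026.2.11' or '2026.2.11.0' -> (2026, 2, 11); compared numerically, not as text."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0])[:3])

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def normalize(name):
    # Assumption: treat case and spacing variants as the same name, so the audit
    # over-reports look-alike names rather than missing them.
    return " ".join(name.split()).casefold()

def find_name_collisions(links):
    """Report display names shared by more than one VPN script link in a workspace."""
    groups = defaultdict(list)
    for link in links:
        groups[(link["workspace"], normalize(link["display_name"]))].append(link)
    findings = []
    for (workspace, name), members in sorted(groups.items()):
        if len(members) < 2:
            continue
        members.sort(key=lambda m: m["created"])  # ISO dates sort chronologically
        findings.append({
            "workspace": workspace,
            "display_name": name,
            "link_ids": [m["id"] for m in members],  # oldest link first
            "authors": sorted({m["created_by"] for m in members}),
        })
    return findings

# Constructed sample inventory; field names are hypothetical, not an RDM export schema.
SAMPLE_LINKS = [
    {"id": "a1", "workspace": "Ops-Shared", "display_name": "Corp VPN", "created_by": "alice", "created": "2026-05-02"},
    {"id": "b7", "workspace": "Ops-Shared", "display_name": "corp  vpn", "created_by": "mallory", "created": "2026-06-20"},
    {"id": "c3", "workspace": "Ops-Shared", "display_name": "Lab VPN", "created_by": "alice", "created": "2026-05-03"},
    {"id": "d9", "workspace": "Dev-Shared", "display_name": "Corp VPN", "created_by": "bob", "created": "2026-04-11"},
]
SAMPLE_INSTALLS = {"ws-014": "2026.2.11", "ws-022": "2026.2.12", "ws-031": "2026.2.4"}

if __name__ == "__main__":
    for host, version in SAMPLE_INSTALLS.items():
        print(host, version, "AFFECTED" if is_affected(version) else "ok")
    for finding in find_name_collisions(SAMPLE_LINKS):
        print("collision:", finding)
```

A collision whose links were created by different users is the case to review first, since the advisory describes a link created by one workspace writer being resolved in another user's context.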
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. The vendor advisory from Devolutions offers mitigation and patch information. The vulnerability's CVSS score and vector indicate a high severity level.
Official resources
- CVE-2026-13372 CVE record (CVE.org)
- CVE-2026-13372 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
This article is AI-assisted and based on the supplied source corpus.