CRITICAL
Devolutions
CVE published 2026-03-03
CVE-2026-2590
CVE-2026-2590 is a critical vulnerability in Devolutions Remote Desktop Manager 2025.3.30 and earlier where the "Disable password saving in vaults" setting is not properly enforced in the connection entry component. As described by the vendor and reflected by NVD, this can allow credentials to be stored in vault entries anyway, potentially exposing sensitive information to other users.