Hashicorp CVE-2026-2590
CRITICALCVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled.
AnalysisAI
Insecure password saving enforcement in Devolutions Remote Desktop Manager 2025.3.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Remote Desktop Manager 2025.3.30 and earlier deployments and restrict access to authorized administrators only. Within 7 days: Audit vault entries for unauthorized credential persistence and rotate all credentials stored in affected systems. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and incl
Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged
Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write acce
Share
External POC / Exploit Code
Leaving vuln.today