Question 1

What is CVE-2026-12117 — CVE-2026-12117?

Accepted Answer

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

Question 2

What is the authoritative source for CVE-2026-12117?

Accepted Answer

CVE-2026-12117 (CVE-2026-12117) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	4.3 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS	0.18% probability of exploitation · percentile 7.3% · 2026-06-18T12:00:27Z
Last modified	2026-06-18

CVE-2026-12117CVE-2026-12117

Description

Scoring