Back to overview

CVE-2026-15637

Description
Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier.

Metadata

CVE ID
CVE-2026-15637
State
PUBLISHED
Assigner
DEVOLUTIONS
Reserved
2026-07-13 18:17 UTC
Published
2026-07-14 18:05 UTC
Last updated
2026-07-14 18:05 UTC
Primary CWE
CWE-639
CWE-639 Authorization bypass through User-Controlled key
Vendor / Product
Devolutions / Server
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Devolutions Server 0 < 2026.1.23, 0 < 2026.2.12
Weakness (CWE)
CWESourceDescription
CWE-639 cna CWE-639 Authorization bypass through User-Controlled key
Back to overview