{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2590", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-02-16T15:57:08.878Z", "datePublished": "2026-03-03T21:22:34.114Z", "dateUpdated": "2026-05-10T12:55:59.865Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2025.3.30", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper\n enforcement of the Disable password saving in vaults setting in the \nconnection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, \npotentially exposing sensitive information to other users, by creating \nor editing certain connection types while password saving is disabled."}], "value": "Improper\n enforcement of the Disable password saving in vaults setting in the \nconnection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, \npotentially exposing sensitive information to other users, by creating \nor editing certain connection types while password saving is disabled."}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-03T21:22:34.114Z"}, "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0005"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T14:43:50.294559Z", "id": "CVE-2026-2590", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-10T12:55:59.865Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2590", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-04T14:43:50.294559Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T14:44:03.284Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2025.3.30"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0005"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper\n enforcement of the Disable password saving in vaults setting in the \nconnection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, \npotentially exposing sensitive information to other users, by creating \nor editing certain connection types while password saving is disabled.", "supportingMedia": [{"type": "text/html", "value": "Improper\n enforcement of the Disable password saving in vaults setting in the \nconnection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, \npotentially exposing sensitive information to other users, by creating \nor editing certain connection types while password saving is disabled.", "base64": false}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-03T21:22:34.114Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2590", "state": "PUBLISHED", "dateUpdated": "2026-05-10T12:55:59.865Z", "dateReserved": "2026-02-16T15:57:08.878Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2026-03-03T21:22:34.114Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7DE843BF-31DA-44EB-9ED5-4468B5DCC6C4", "versionEndIncluding": "2025.3.30.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper\n enforcement of the Disable password saving in vaults setting in the \nconnection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, \npotentially exposing sensitive information to other users, by creating \nor editing certain connection types while password saving is disabled."}, {"lang": "es", "value": "Aplicaci\u00f3n incorrecta de la configuraci\u00f3n Deshabilitar el guardado de contrase\u00f1as en b\u00f3vedas en el componente de entrada de conexi\u00f3n en Devolutions Remote Desktop Manager 2025.3.30 y versiones anteriores permite a un usuario autenticado persistir credenciales en entradas de b\u00f3veda, exponiendo potencialmente informaci\u00f3n sensible a otros usuarios, al crear o editar ciertos tipos de conexi\u00f3n mientras el guardado de contrase\u00f1as est\u00e1 deshabilitado."}], "id": "CVE-2026-2590", "lastModified": "2026-05-10T13:16:35.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-03T22:16:29.157", "references": [{"source": "security@devolutions.net", "tags": ["Vendor Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2026-0005"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2025.3.30]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Remote Desktop Manager", "source": "cna", "vendor": "Devolutions"}, "product": "remote_desktop_manager", "vendor": "devolutions"}], "created": "2026-03-04T14:53:46.335304+00:00", "updated": "2026-05-10T15:30:14.978401+00:00", "vendors": ["devolutions", "devolutions$PRODUCT$remote_desktop_manager"]}