CVE-2026-11890

EUVD-2026-37200
Improper access control in PAM account discovery results in Devolutions 
Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve 
account discovery scan results.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2026-0017/