CVE-2026-12117

EUVD-2026-37202
Improper access control in the social login connection endpoint in 
Devolutions Server 2026.2.5 allows an authenticated vault member to 
enumerate social login entry metadata to which they are not authorized 
via a crafted API request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2026-0017/