{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12117", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-06-12T14:47:47.711Z", "datePublished": "2026-06-16T18:25:19.018Z", "dateUpdated": "2026-06-16T18:25:19.018Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-06-16T18:25:19.018Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200", "type": "CWE"}]}], "affected": [{"vendor": "Devolutions", "product": "Devolutions Server", "versions": [{"status": "affected", "version": "2026.2.0", "lessThan": "2026.2.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request."}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0017/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request."}], "id": "CVE-2026-12117", "lastModified": "2026-06-16T20:41:35.520", "metrics": {}, "published": "2026-06-16T20:16:27.577", "references": [{"source": "security@devolutions.net", "url": "https://devolutions.net/security/advisories/DEVO-2026-0017/"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@devolutions.net", "type": "Secondary"}]}

{}

{}