CVE-2026-11890 PUBLISHED

Assigner: DEVOLUTIONS
Reserved: 10.06.2026 Published: 16.06.2026 Updated: 16.06.2026

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

Product Status

Vendor	Devolutions
Product	Devolutions Server
Versions	Default: unaffected affected from 0 to 2026.2.5 (excl.) affected from 0 to 2026.1.21 (excl.)

References

https://devolutions.net/security/advisories/DEVO-2026-0017/

Problem Types

CWE-882 CWE