{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12162", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-06-12T19:19:57.058Z", "datePublished": "2026-06-15T23:56:59.391Z", "dateUpdated": "2026-06-15T23:57:40.218Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-06-15T23:57:40.218Z"}, "affected": [{"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "2026.2.0", "lessThanOrEqual": "2026.2.8", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper host validation in the social login autofill feature in \nDevolutions Remote Desktop Manager 2026.2.8 allows an attacker to \ndisclose stored social login credentials via a crafted web entry \npointing to a provider lookalike domain.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper host validation in the social login autofill feature in \nDevolutions Remote Desktop Manager 2026.2.8 allows an attacker to \ndisclose stored social login credentials via a crafted web entry \npointing to a provider lookalike domain."}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0018/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{}

{}

{}