Description
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: Low
Affected products
- Devolutions / Remote Desktop Manager 2026.2.0 – 2026.2.8
References
- VENDOR_ADVISORY: https://devolutions.net/security/advisories/DEVO-2026-0018/