Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Devolutions Remote Desktop Manager Passwords Not Always Kept Private
CVE-2026-2590
Summary
Devolutions Remote Desktop Manager versions 2025.3.30 and earlier may not properly enforce the 'save password' option, allowing an authorized user to save sensitive information. This could expose passwords to other users. Update to the latest version to ensure passwords are kept secure.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| devolutions | remote_desktop_manager | <= 2025.3.30.0 | – |
Original title
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to...
Original description
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentially exposing sensitive information to other users, by creating
or editing certain connection types while password saving is disabled.
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentially exposing sensitive information to other users, by creating
or editing certain connection types while password saving is disabled.
nvd CVSS3.1
9.8
Vulnerability type
CWE-20
Improper Input Validation
- https://devolutions.net/security/advisories/DEVO-2026-0005 Vendor Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026