{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12117", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-06-12T14:47:47.711Z", "datePublished": "2026-06-16T18:25:19.018Z", "dateUpdated": "2026-06-17T15:14:46.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-06-16T18:25:19.018Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200", "type": "CWE"}]}], "affected": [{"vendor": "Devolutions", "product": "Devolutions Server", "versions": [{"status": "affected", "version": "2026.2.0", "lessThan": "2026.2.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request."}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0017/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T15:14:42.590567Z", "id": "CVE-2026-12117", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T15:14:46.588Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-12117", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-17T15:14:42.590567Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T15:14:38.469Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "product": "Devolutions Server", "versions": [{"status": "affected", "version": "2026.2.0", "lessThan": "2026.2.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0017/"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request.", "supportingMedia": [{"type": "text/html", "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-06-16T18:25:19.018Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12117", "state": "PUBLISHED", "dateUpdated": "2026-06-17T15:14:46.588Z", "dateReserved": "2026-06-12T14:47:47.711Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2026-06-16T18:25:19.018Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in the social login connection endpoint in \nDevolutions Server 2026.2.5 allows an authenticated vault member to \nenumerate social login entry metadata to which they are not authorized \nvia a crafted API request."}], "id": "CVE-2026-12117", "lastModified": "2026-06-16T20:41:35.520", "metrics": {}, "published": "2026-06-16T20:16:27.577", "references": [{"source": "security@devolutions.net", "url": "https://devolutions.net/security/advisories/DEVO-2026-0017/"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@devolutions.net", "type": "Secondary"}]}

{}