CVE Vulnerabilities

CVE-2026-13372

Use of Incorrectly-Resolved Name or Reference

Published: Jun 26, 2026 | Modified: Jun 29, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another users context via a display name collision with an existing VPN script link.

Weakness

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Affected Software

NameVendorStart VersionEnd Version
Remote_desktop_managerDevolutions2026.2.5.0 (including)2026.2.12.0 (including)

References