CVE-2026-12162
MEDIUMDescription
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| devolutions | remote_desktop_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-12162? +
How severe is CVE-2026-12162? +
What products are affected by CVE-2026-12162? +
How do I check if I'm vulnerable to CVE-2026-12162? +
Related Vulnerabilities
Allow attackers to intercept or falsify data exchanges between the client and the server
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. …
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain …
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the …
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, …
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName …