CVE-2026-10544

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.

This issue affects :

* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation

Potential Impacts:

Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities

Applicable Platforms

Technologies: Not Technology-Specific, AI/ML, Web Server

Likelihood of Exploit: High

View CWE Details

https://devolutions.net/security/advisories/DEVO-2026-0015/

CVE-2026-10544

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter