CVE-2026-13372
published 2026-06-26CVE-2026-13372: Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an…
PriorityP347high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.28%
19.5th percentile
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name collision with an existing VPN script link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | >= 2026.2.5 < 2026.2.11 | 2026.2.11 |
| devolutions | remote_desktop_manager | 2026.2.5.0 – 2026.2.12.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a s
ghsa_unreviewed·2026-06-26
CVE-2026-13372 [HIGH] CWE-706 Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a s
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name collision with an existing VPN script link.
VulDB
Devolutions Remote Desktop Manager up to 2026.2.10 Powershell Script name resolution (DEVO-2026-0021)
vuldb·2026-06-26·CVSS 7.2
CVE-2026-13372 [HIGH] Devolutions Remote Desktop Manager up to 2026.2.10 Powershell Script name resolution (DEVO-2026-0021)
A vulnerability was found in Devolutions Remote Desktop Manager up to 2026.2.10. It has been rated as critical. This impacts an unknown function of the component Powershell Script Handler. The manipulation leads to incorrectly-resolved name.
This vulnerability is traded as CVE-2026-13372. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-26
Published