CVE-2026-2590 Vault — Exploit & Vulnerability Details CRITICAL

CVE-2026-2590

CRITICAL CVSS 3.1: 9.8 EPSS 0.06%

Parameter	Value
CVSS	9.8 (CRITICAL)
Vendor	Vault
Public PoC	No

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

References 1

https://devolutions.net/security/advisories/DEVO-2026-0005

security@devolutions.net

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34976

Vault

10.0

CVE-2026-33722

N8N

7.3

CVE-2026-32318

Apple

5.9

CVE-2026-32317

Google

5.9

CVE-2026-32310

Vault

5.3

Menu

CVE-2026-2590

Attack Parameters

Impact Assessment

CVSS Vector v3.1

References 1

Related Vulnerabilities

CVE-2026-34976

CVE-2026-33722

CVE-2026-32318

CVE-2026-32317

CVE-2026-32310

CVE Details

Editor's Choice

Menu

CVE-2026-2590

Attack Parameters

Impact Assessment

CVSS Vector v3.1

References 1

Related Vulnerabilities

CVE-2026-34976

CVE-2026-33722

CVE-2026-32318

CVE-2026-32317

CVE-2026-32310

CVE Details

Editor's Choice

Stay informed on cybersecurity