CVE-2026-12161

Severity: High · Impact: RCE

Published: 16 June 2026
Modified: 17 June 2026
KEV Added: not listed
Patch: none recorded
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (21.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-12161 is a high-severity OS Command Injection (CWE-78) vulnerability in Devolutions Remote Desktop Manager. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE is ranked at the 21.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

CWE-78 OS command injection in the SSH Elevate Shell feature directly enables arbitrary command execution on the remote host via a Unix shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Devolutions Remote Desktop Manager, versions ≤ 2026.2.8.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.
- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.

References