CVE-2026-13372
Published: 26 June 2026
Summary
CVE-2026-13372 is a high-severity Use of Incorrectly-Resolved Name or Reference (CWE-706) vulnerability in Devolutions Remote Desktop (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-39832
Vulnerability details
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context…
more
via a display name collision with an existing VPN script link.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.