A vulnerability classified as critical has been found in Devolutions Server up to 2026.1.20/2026.2.4 . Affected is an unknown function of the component Attachments Handler . The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-12105 . The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.