CVE-2026-3204

Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL...

CVE-2026-3204

CVE-2026-3204 affects Devolutions Server 2025.3.15 and earlier. The vulnerability is due to improper input validation on the error message page, enabling remote attackers to spoof the displayed error message through a specially crafted URL. The description notes exploitation vectors via crafted U...

CVE-2026-3204

Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL...

CVE-2026-3224

Affected software: Devolutions Server (versions 2025.3.15.0 and earlier). Vulnerability: Authentication bypass in Microsoft Entra ID (Azure AD) mode, allowing an unauthenticated user to impersonate any Entra ID user via a forged JWT. Documented behavior points to exploitation via the /api/v1/logi...

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...

PT-2026-22828

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.15 and earlier Description An issue exists in Devolutions Server where improper enforcement of behavioral controls can allow an authenticated attacker with delete permission to remove a Privileged Access...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15.0 contained security vulnerabilities. These vulnerabilities stemmed fro...

PT-2026-22830

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.15.0 and earlier Description An authentication bypass exists in the Microsoft Entra ID Azure AD authentication mode. An unauthenticated user can authenticate as an arbitrary Entra ID user by using a forged JS...

PT-2026-22829

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.15 and earlier Description A flaw exists in the error message page that allows remote attackers to manipulate the displayed error message through a crafted URL. The issue is due to insufficient input...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability. This vulnerability stemmed from...

CVE-2026-3221

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access...

Devolutions Server < 2025.3.15 Multiple Vulnerabilities (DEVO-2026-0004)

The version of Devolutions Server installed on the remote host is prior to 2025.3.15. It is, therefore, affected by multiple vulnerabilities: - A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. CVE-2026-1768 -...

CVE-2026-3131

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data...

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

EUVD-2026-8707

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access...

CVE-2026-3221

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access...

CVE-2026-3221

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access...