1219 matches found
Devolutions Server < 2026.1.12 Multi-Factor Authentication Vulnerabilities (DEVO-2026-0010)
The version of Devolutions Server installed on the remote host is prior to 2026.1.12. It is, therefore, affected by multiple vulnerabilities: - Improper access control in the multi-factor authentication MFA management API allows an authenticated attacker to delete their own configured MFA factors...
EUVD-2026-17927
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...
EUVD-2026-17923
Improper authentication in the two-factor authentication 2FA feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session...
EUVD-2026-17921
Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...
EUVD-2026-17919
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...
CVE-2026-5175
Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...
CVE-2026-4924
Improper authentication in the two-factor authentication 2FA feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session...
CVE-2026-4828
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...
CVE-2026-4927
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...
CVE-2026-4989
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...
CVE-2026-4829
Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...
CVE-2026-4989
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...
CVE-2026-4989
The CVE-2026-4989 entry describes a vulnerability in Devolutions Server where improper input validation in the gateway health check enables a low-privilege authenticated user to trigger server-side request forgery (SSRF) and potentially disclose information. Affected versions include 2026.1.1–202...
CVE-2026-5175
The Devolutions Server MFA management API is affected by improper access control (CVE-2026-5175) allowing an authenticated attacker to delete their own MFA factors, lowering protection to password-only authentication. Affected versions are 2026.1.6 through 2026.1.11; remediation per the public ad...
CVE-2026-5175
Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...
CVE-2026-5175
Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...
CVE-2026-4925
Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...
CVE-2026-4925
Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...
CVE-2026-4925
CVE-2026-4925 is supported by connected sources as an issue in Devolutions Server MFA management: from versions 2026.1.6 through 2026.1.11, an authenticated user can bypass administrator-enforced restrictions and remove their own MFA configuration via a crafted request. The Red Hat, NVD, ENISA, C...
CVE-2026-4927
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...