103 matches found
CVE-2026-3638
CVE-2026-3638: Multiple sources (NVD, Red Hat, ENISA, CVE List) describe an improper access control flaw in Devolutions Server up to version 2025.3.11.0. A low-privileged, authenticated user can restore deleted users and roles via crafted API requests on the user/role restore endpoints. Document...
CVE-2026-6706
CVE-2026-6706 involves an improper access control flaw in the vault documentation feature of Devolutions Server up to 2026.1.14.0. An authenticated attacker can read documentation content from unauthorized vaults via a crafted API request. Affected component: vault documentation feature; root cau...
CVE-2026-4925
CVE-2026-4925 is described by the connected sources as an issue in Devolutions Server MFA management: from versions 2026.1.6 through 2026.1.11, an authenticated user can bypass administrator-enforced restrictions and remove their own MFA configuration via a crafted request. The Red Hat, NVD, ENISA, C...