105 matches found
CVE-2026-3221
CVE-2026-3221 affects Devolutions Server, specifically versions 2025.3.14 and earlier. The root cause is unencrypted storage of sensitive user account information in the database, enabling an attacker with direct database access to obtain sensitive data. Impact is information disclosure; exploita...
CVE-2026-3638
CVE-2026-3638 : Multiple sources (NVD, Red Hat, ENISA, CVE List) describe an improper access control flaw in Devolutions Server up to version 2025.3.11.0. A low-privileged, authenticated user can restore deleted users and roles via crafted API requests on the user/role restore endpoints. Document...
CVE-2026-4989
The CVE-2026-4989 entry describes a vulnerability in Devolutions Server where improper input validation in the gateway health check enables a low-privilege authenticated user to trigger server-side request forgery (SSRF) and potentially disclose information. Affected versions include 2026.1.1–202...
CVE-2026-6706
CVE-2026-6706 involves an improper access control flaw in the vault documentation feature of Devolutions Server up to 2026.1.14.0. An authenticated attacker can read documentation content from unauthorized vaults via a crafted API request. Affected component: vault documentation feature; root cau...
CVE-2026-4925
CVE-2026-4925 is supported by connected sources as an issue in Devolutions Server MFA management: from versions 2026.1.6 through 2026.1.11, an authenticated user can bypass administrator-enforced restrictions and remove their own MFA configuration via a crafted request. The Red Hat, NVD, ENISA, C...