Known Vulnerabilities for Devolutions Server by Devolutions
Listed below are 10 of the newest known vulnerabilities associated with "Devolutions Server" by "Devolutions".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-15642 json | Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 202... | Not Provided | 2026-07-14 | 2026-07-15 |
| CVE-2026-15641 json | Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticat... | Not Provided | 2026-07-14 | 2026-07-15 |
| CVE-2026-15637 json | Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 all... | Not Provided | 2026-07-14 | 2026-07-15 |
| CVE-2026-15058 json | Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenti... | Not Provided | 2026-07-14 | 2026-07-15 |
| CVE-2026-14536 json | Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker wi... | Not Provided | 2026-07-06 | 2026-07-09 |
| CVE-2026-12755 json | Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an au... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-12117 json | Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-12105 json | Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via fol... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-11890 json | Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated u... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-10787 json | Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enu... | Not Provided | 2026-06-08 | 2026-06-09 |