Known Vulnerabilities for products from Devolutions
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Devolutions".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5175 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4989 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4927 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4925 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4924 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4829 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4828 | | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-4434 | Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-m... | Not Provided | 2026-03-20 | 2026-03-30 |
| CVE-2026-4396 | Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to per... | Not Provided | 2026-03-18 | 2026-03-30 |
| CVE-2026-3638 | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-pri... | Not Provided | 2026-03-09 | 2026-03-30 |
| CVE-2022-23849 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.6 - MEDIUM | 2022-03-03 | 2023-08-08 |
| CVE-2021-42098 | An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass p... | 8.8 - HIGH | 2021-10-18 | 2021-10-21 |
| CVE-2021-36382 | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-mi... | 3.7 - LOW | 2021-07-12 | 2022-07-12 |
| CVE-2021-28157 | An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrati... | 7.2 - HIGH | 2021-04-14 | 2021-04-21 |
| CVE-2021-28048 | An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a rem... | 6.5 - MEDIUM | 2021-04-14 | 2021-04-21 |
| CVE-2021-28047 | Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authen... | 5.4 - MEDIUM | 2021-04-01 | 2021-04-06 |
| CVE-2021-23925 | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries o... | 6.1 - MEDIUM | 2021-04-01 | 2021-04-06 |
| CVE-2021-23924 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic file... | 7.5 - HIGH | 2021-04-01 | 2021-04-06 |
| CVE-2021-23923 | An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | 8.1 - HIGH | 2021-04-01 | 2021-04-06 |
| CVE-2021-23922 | An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnera... | 5.4 - MEDIUM | 2021-04-01 | 2021-04-06 |
Known software with vulnerabilities from Devolutions
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Devolutions | Gfwx | - |