Known Vulnerabilities for products from Devolutions
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Devolutions".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-8407 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-6706 json | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read d... | Not Provided | 2026-04-28 | 2026-05-04 |
| CVE-2026-5175 json | Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-5146 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-4989 json | Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated use... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4927 json | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-4925 json | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-e... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4924 json | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-4829 json | Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authe... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4828 json | Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4434 json | Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-m... | Not Provided | 2026-03-20 | 2026-03-30 |
| CVE-2026-4396 json | Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to per... | Not Provided | 2026-03-18 | 2026-03-30 |
| CVE-2026-3638 json | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-pri... | Not Provided | 2026-03-09 | 2026-03-30 |
| CVE-2026-2590 json | Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remo... | Not Provided | 2026-03-03 | 2026-05-10 |
| CVE-2024-0589 json | 5.4 - MEDIUM | 2024-01-31 | 2024-02-03 | |
| CVE-2023-7047 json | 4.4 - MEDIUM | 2023-12-21 | 2024-01-04 | |
| CVE-2023-6264 json | 5.3 - MEDIUM | 2023-11-22 | 2023-12-01 | |
| CVE-2023-5766 json | A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remo... | 9.8 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-5765 json | Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windo... | 9.8 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-5575 json | Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that... | 6.5 - MEDIUM | 2023-10-16 | 2023-10-20 |
Known software with vulnerabilities from Devolutions
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Devolutions | Gfwx | - |