Known Vulnerabilities for products from Devolutions
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Devolutions".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5175 json | Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4989 json | Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated use... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4927 json | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-4925 json | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-e... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4924 json | Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4829 json | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-4828 json | Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-4434 json | Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-m... | Not Provided | 2026-03-20 | 2026-03-30 |
| CVE-2026-4396 json | Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to per... | Not Provided | 2026-03-18 | 2026-03-30 |
| CVE-2026-3638 json | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-pri... | Not Provided | 2026-03-09 | 2026-03-30 |
| CVE-2024-0589 json | 5.4 - MEDIUM | 2024-01-31 | 2024-02-03 | |
| CVE-2023-7047 json | 4.4 - MEDIUM | 2023-12-21 | 2024-01-04 | |
| CVE-2023-6264 json | 5.3 - MEDIUM | 2023-11-22 | 2023-12-01 | |
| CVE-2023-5766 json | A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remo... | 9.8 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-5765 json | Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windo... | 9.8 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-5575 json | Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that... | 6.5 - MEDIUM | 2023-10-16 | 2023-10-20 |
| CVE-2023-5358 json | Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retri... | 5.3 - MEDIUM | 2023-11-01 | 2023-11-09 |
| CVE-2023-5240 json | Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permissi... | 7.5 - HIGH | 2023-10-13 | 2023-10-17 |
| CVE-2023-4417 json | Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versi... | 6.5 - MEDIUM | 2023-08-21 | 2023-08-25 |
| CVE-2023-4373 json | Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versio... | 9.8 - CRITICAL | 2023-08-21 | 2023-08-25 |
Known software with vulnerabilities from Devolutions
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Devolutions | Gfwx | - |