Devolutions: >> Devolutions Server >> 2025.3.22.0 Security Vulnerabilities
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-06-02
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-06-02
Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-05-22
Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-01
Improper certificate validation in the PAM propagation WinRM connections
allows a network attacker to perform a man-in-the-middle attack via
disabled TLS certificate verification.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-03-20