Devolutions Server vulnerabilities
104 known vulnerabilities affecting devolutions/devolutions_server.
Total CVEs: 104
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 6, HIGH 26, MEDIUM 60, LOW 9, UNKNOWN 3
Vulnerabilities
Page 6 of 6
CVE-2026-9248 | P4 | LOW | CVSS 2.6 | CWE-639 | fixed in 2025.3.22.0 | ≥ 2026.1.6.0, < 2026.1.19.0 | 2026-05-22
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request.
This issue affects:
* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and
nvd
CVE-2026-8477 | P4 | LOW | CVSS 2.7 | CWE-841 | fixed in 2025.3.22.0 | ≥ 2026.1.6.0, < 2026.1.19.0 | 2026-05-22
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request.
This issue affects:
* Devolutions Server 2026.1.6.0 through 2026.1.16
nvd
CVE-2023-2400 | P4 | LOW | CVSS 2.7 | CWE-459 | fixed in 2023.2.1 | 2023-06-20
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view user vaults of deleted users via database access.
nvd
CVE-2026-9247 | P4 | LOW | CVSS 2.4 | CWE-778 | fixed in 2025.3.22.0 | ≥ 2026.1.6.0, < 2026.1.19.0 | 2026-05-22
Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to administrators via a crafted export request.
This issue affects:
* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and earli
nvd