By vendor
Devolutions vulnerabilities
Known CVEs affecting Devolutions products, prioritized by severity, with SEC.co remediation and detection guidance.
2 published vulnerabilities
- CVE-2026-9522MEDIUM 5.4
Devolutions Server versions 2026.1.19 and earlier contain an access control weakness in the PAM (Privileged Access Management) account discovery feature. An authenticated user without admin rights can delete network discovery scan configurations that they shouldn't be able to modify. This means non-privileged users can disrupt the organization's ability to discover and inventory network accounts, potentially hindering PAM operations and compliance visibility.
- CVE-2026-9590MEDIUM 5.3
Devolutions Server versions up to and including 2026.1.19 contain an access control weakness that allows authenticated users with permission to edit entries to modify asset information beyond their intended scope. An attacker with entry edit privileges can bypass the permission validation checks and alter assets they shouldn't be able to access, potentially compromising the integrity of credential and asset data within the server.