What is CVE-2026-11890?

CVE-2026-11890 is a medium-severity vulnerability in Devolutions Server, classified under CWE-882. CVSS score: 4.3/10. Published 2026-06-16.

How severe is CVE-2026-11890?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Devolutions Server

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Devolutions Server — versions 0

Weakness classification (CWE)

CWE-882
CWE-284 — Improper Access Control

References

security@devolutions.net

Frequently asked questions

What is CVE-2026-11890?: CVE-2026-11890 is a medium-severity vulnerability in Devolutions Server, classified under CWE-882. CVSS score: 4.3/10. Published 2026-06-16.
How severe is CVE-2026-11890?: Medium severity. CVSS v3 base score is 4.3 out of 10.