Vulnerability in Devolutions Server

CVE-2026-4434

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

Affected products

Devolutions Server — versions 0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

devolutions.net/security/advisories/DEVO-2026-0005/