Vulnerability in Devolutions Server
CVE-2026-4828
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request.
EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.
Affected products
- Devolutions Server — versions 0