Auth bypass in Devolutions Server
CVE-2026-4829
Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an extern…
Vulnerability class: Broken Authentication
EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.
Affected products
- Devolutions Server — versions 0