Auth bypass in Devolutions Server
CVE-2026-4925
Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA) configuration via a crafted request. …
Vulnerability class: Broken Access Control
EPSS: 0.001 (16.9th percentile)
Affected products
- Devolutions Server — versions 2026.1.6