SSRF in Devolutions Server
CVE-2026-4989
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (10.5th percentile)
Affected products
- Devolutions Server — versions 2026.1.1, 2025.3.1