Vulnerability in Devolutions Devolutions_server
CVE-2026-5171
Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. Thi…
EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Devolutions Devolutions_server
- Devolutions Server — versions 2026.1.6.0, 0
Weakness classification (CWE)
References
- security@devolutions.net (Vendor Advisory)
Frequently asked questions
- What is CVE-2026-5171?
- CVE-2026-5171 is a medium-severity vulnerability in Devolutions Devolutions_server, classified under Improper Access Control. CVSS score: 4.3/10. Published 2026-05-22.
- How severe is CVE-2026-5171?
- Medium severity. CVSS v3 base score is 4.3 out of 10.