Auth bypass in Devolutions Server

CVE-2026-5175

Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication…

Vulnerability class: Broken Access Control

EPSS: 0.000 (1.2th percentile)
