Vulnerability in Devolutions Devolutions_server
CVE-2026-9590
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission.
EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Devolutions Devolutions_server
- Devolutions Server — versions 0
Weakness classification (CWE)
References
- security@devolutions.net (Vendor Advisory)
Frequently asked questions
- What is CVE-2026-9590?
- CVE-2026-9590 is a medium-severity vulnerability in Devolutions Devolutions_server, classified under Improper Access Control. CVSS score: 5.3/10. Published 2026-06-02.
- How severe is CVE-2026-9590?
- Medium severity. CVSS v3 base score is 5.3 out of 10.