Devolutions Devolutions Server
17 CVEs affecting Devolutions Devolutions Server. Latest disclosed: 2026-06-16. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-11619 | High | 8.8 | 2025-10-15 | Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic. |
| CVE-2023-0953 | High | 8.8 | 2023-03-01 | Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Inj… |
| CVE-2023-0951 | High | 8.8 | 2023-03-01 | Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actio… |
| CVE-2026-12105 | Medium | 6.5 | 2026-06-16 | Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited pe… |
| CVE-2024-6512 | Medium | 6.5 | 2024-09-25 | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to ap… |
| CVE-2023-1201 | Medium | 6.5 | 2023-03-10 | Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UU… |
| CVE-2023-0952 | Medium | 6.5 | 2023-03-01 | Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper aut… |
| CVE-2023-0661 | Medium | 6.5 | 2023-02-12 | Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. |
| CVE-2022-3781 | Medium | 6.5 | 2022-11-01 | Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and pri… |
| CVE-2025-3517 | Medium | 6.3 | 2025-05-01 | Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured u… |
| CVE-2023-2118 | Medium | 5.4 | 2023-04-21 | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and d… |
| CVE-2022-2316 | Medium | 5.4 | 2022-07-06 | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to a… |
| CVE-2023-5358 | Medium | 5.3 | 2023-11-01 | Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries th… |
| CVE-2023-2445 | Medium | 4.9 | 2023-05-02 | Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrie… |
| CVE-2026-12117 | Medium | 4.3 | 2026-06-16 | Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login… |
| CVE-2026-11890 | Medium | 4.3 | 2026-06-16 | Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery… |
| CVE-2026-1768 | Medium | 4.3 | 2026-02-24 | A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devoluti… |