CVE-2026-9248

CVSS 2.6 LOWEPSS 0.1%CWE-639

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Produtos afetados

Devolutions · Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://devolutions.net/security/advisories/DEVO-2026-0013/