Improper Access Control in Devolutions Server Affects Credentials Security
CVE-2026-10786
6.5MEDIUM
What is CVE-2026-10786?
The improper access control vulnerability within Devolutions Server permits an authenticated low-privileged user to exploit the ticketing integration settings. By crafting specific API requests, the user can gain unauthorized access to cleartext credentials for configured ticketing integrations. This flaw exposes sensitive information and highlights the need for enhanced security measures in access permissions for API functionalities.
Affected Version(s)
Server 2026.2.4.0
Server 0 <= 2026.1.20.0
