Improper Access Control in Devolutions Server Affects Credentials Security
CVE-2026-10786

6.5MEDIUM

Key Information:

Status
Vendor
CVE Published:
8 June 2026

What is CVE-2026-10786?

The improper access control vulnerability within Devolutions Server permits an authenticated low-privileged user to exploit the ticketing integration settings. By crafting specific API requests, the user can gain unauthorized access to cleartext credentials for configured ticketing integrations. This flaw exposes sensitive information and highlights the need for enhanced security measures in access permissions for API functionalities.

Affected Version(s)

Server 2026.2.4.0

Server 0 <= 2026.1.20.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.