Improper Multi-Factor Authentication Enforcement in Devolutions Server
CVE-2026-14536

Currently unrated

Key Information:

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-14536?

An issue exists in Devolutions Server 2026.2.9.0 where improper enforcement of multi-factor authentication policies allows attackers with valid user credentials to bypass the MFA requirement. This vulnerability stems from the handling of an invalid default MFA value, which could enable unauthorized authentication. Effective security measures and updates are essential to mitigate this risk and safeguard user accounts from potential exploitation.

Affected Version(s)

Server 2026.2.4 < 2026.2.9

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.