Improper Authorization Vulnerability in Devolutions Server
CVE-2026-15058

Currently unrated

Key Information:

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-15058?

An improper authorization vulnerability exists in the secure messages deletion endpoint of Devolutions Server versions 2026.2.11 and 2026.1.22. This flaw allows authenticated users to delete other users' messages by exploiting a direct object reference to the message identifier. Attackers can leverage this weakness to compromise user confidentiality and integrity by removing messages without proper authorization.

Affected Version(s)

Server 0 < 2026.1.23

Server 0 < 2026.2.12

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.