Improper Authorization Vulnerability in Devolutions Server
CVE-2026-15058
Currently unrated
What is CVE-2026-15058?
An improper authorization vulnerability exists in the secure messages deletion endpoint of Devolutions Server versions 2026.2.11 and 2026.1.22. This flaw allows authenticated users to delete other users' messages by exploiting a direct object reference to the message identifier. Attackers can leverage this weakness to compromise user confidentiality and integrity by removing messages without proper authorization.
Affected Version(s)
Server 0 < 2026.1.23
Server 0 < 2026.2.12
