Improper Authorization in Devolutions Server Affects SSH Key Retrieval
CVE-2026-15637
Currently unrated
What is CVE-2026-15637?
The Devolutions Server contains an improper authorization vulnerability within its PAM SSH key and certificate retrieval endpoints. This flaw permits an authenticated low-privileged user to exploit a direct object reference to access sensitive private keys of SSH credentials. The affected versions include Devolutions Server 2026.2.11 and 2026.1.22, emphasizing the need for users to review their permission settings and implement recommended security measures.
Affected Version(s)
Server 0 < 2026.1.23
Server 0 < 2026.2.12
