Improper Authorization in Devolutions Server
CVE-2026-15641
Currently unrated
What is CVE-2026-15641?
An improper authorization vulnerability exists in the access request status endpoint of Devolutions Server versions 2026.2.11 and 2026.1.22. This flaw allows authenticated low-privileged users to approve their own pending access requests through direct calls to the request status endpoint, effectively bypassing the necessary approver review process. This could lead to unauthorized access and actions within the server environment, posing a significant security risk for users managing sensitive data.
Affected Version(s)
Server 0 < 2026.1.23
Server 0 < 2026.2.12
