Permission Cache Poisoning Vulnerability in Devolutions Server
CVE-2026-1768

4.3MEDIUM

Key Information:

Vendor

Devolutions

Status
Devolutions Server
Vendor
CVE Published:
24 February 2026

What is CVE-2026-1768?

A security flaw in Devolutions Server enables authenticated users to exploit a permission cache poisoning vulnerability. This allows them to bypass established permissions and gain unauthorized access to sensitive entries within the server. Affected versions are those prior to 2025.3.15, necessitating an immediate response from server administrators to protect their environments.

Affected Version(s)

Devolutions Server 0 < 2025.3.15

References

https://devolutions.net/security/advisories/DEVO-2026-0004/

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.