Input Validation Vulnerability in Devolutions Server by Devolutions
CVE-2026-3204

9.8CRITICAL

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 3 March 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-3204?

An input validation vulnerability exists in Devolutions Server 2025.3.15 and earlier, where remote attackers can exploit this flaw to manipulate the error messages displayed to users. By sending specially crafted URLs, attackers can spoof the content of the error messages, potentially leading to misinformation or further exploitation of the application. This vulnerability emphasizes the importance of rigorous input validation practices to ensure the integrity and safety of user-facing content.

Affected Version(s)

Server 0 <= 2025.3.16

References

https://devolutions.net/security/advisories/DEVO-2026-0005

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Feb 25, 2026

CVE-2026-3204 Data

JSON