Sensitive Data Exposure in Devolutions Server Affects User Accounts
CVE-2026-3221

4.9MEDIUM

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 25 February 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-3221?

Devolutions Server, up to version 2025.3.14, has a vulnerability where sensitive user account information is stored unencrypted in the database. This lack of encryption potentially allows unauthorized users with database access to retrieve sensitive user information directly, heightening the risk of data breaches and unauthorized access to confidential data. It is crucial for organizations using this software to implement security measures to safeguard their databases against unauthorized access.

Affected Version(s)

Server 0 < 2025.3.15

References

https://devolutions.net/security/advisories/DEVO-2026-0004/

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2026
Vulnerability Reserved
Feb 25, 2026

CVE-2026-3221 Data

JSON