Improper Authentication Flaw in Devolutions Server by Devolutions
CVE-2026-4829

5.4MEDIUM

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 1 April 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-4829?

An improper authentication vulnerability exists in the external OAuth authentication flow of Devolutions Server prior to version 2026.1.12. This flaw allows authenticated users to potentially impersonate other users, including system administrators, by reusing session codes obtained from external authentication flows. This security issue necessitates immediate attention to prevent unauthorized access and enhance user authentication practices.

Affected Version(s)

Server 0 <= 2026.1.11

References

https://devolutions.net/security/advisories/DEVO-2026-0010

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 25, 2026

CVE-2026-4829 Data

JSON