Improper Data Access in Devolutions Server - Major Product Vulnerability
CVE-2026-8477

2.7LOW

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 22 May 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-8477?

An issue has been identified in Devolutions Server where improper enforcement of the sealed-entry workflow allows authenticated users to access sensitive data without the required audit notifications. This is done through crafted API requests that bypass security measures intended to protect sensitive information, potentially exposing critical data to unauthorized users. Affected versions include Devolutions Server 2026.1.6.0 to 2026.1.16.0 and 2025.3.20.0 or earlier.

Affected Version(s)

Server 2026.1.6.0 <= 2026.1.16.0

Server 0 <= 2025.3.20.0

References

https://devolutions.net/security/advisories/DEVO-2026-0013/

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-8477 Data

JSON