Multi-Factor Authentication Bypass in Devolutions Server
CVE-2026-9047

7.6HIGH

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 22 May 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-9047?

A security vulnerability exists in the multi-factor authentication management feature of Devolutions Server, where improper handling of the factor key state allows an attacker with knowledge of a user's password to potentially bypass multi-factor authentication. This could occur when the user reconfigures their authentication factors. It affects multiple versions of Devolutions Server, making it crucial for users to apply the necessary security updates to mitigate this risk.

Affected Version(s)

Server 2026.1.6.0 <= 2026.1.16.0

References

https://devolutions.net/security/advisories/DEVO-2026-0013/

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
May 19, 2026

CVE-2026-9047 Data

JSON