Improper Access Control in Devolutions Server Affecting Account Discovery Feature
CVE-2026-9522

5.4MEDIUM

Key Information:

Status
Vendor
CVE Published:
2 June 2026

What is CVE-2026-9522?

The vulnerability in Devolutions Server allows an authenticated user, without administrative privileges, to improperly manage network discovery scan configurations. Specifically, this flaw in the PAM account discovery feature enables unauthorized deletion of critical scan settings, potentially disrupting the network monitoring processes for legitimate users.

Affected Version(s)

Server 0 <= 2026.1.19

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.