Improper Access Control in Devolutions Server Affecting Account Discovery Feature
CVE-2026-9522

Currently unrated

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 2 June 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-9522?

The vulnerability in Devolutions Server allows an authenticated user, without administrative privileges, to improperly manage network discovery scan configurations. Specifically, this flaw in the PAM account discovery feature enables unauthorized deletion of critical scan settings, potentially disrupting the network monitoring processes for legitimate users.

Affected Version(s)

Server 0 <= 2026.1.19

References

https://devolutions.net/security/advisories/DEVO-2026-0014/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
May 25, 2026

CVE-2026-9522 Data

JSON