Improper Access Control in Devolutions Server Affects Asset Management
CVE-2026-9590

5.3MEDIUM

Key Information:

Status
Vendor
CVE Published:
2 June 2026

What is CVE-2026-9590?

An improper access control vulnerability in the permission validation component of Devolutions Server allows authenticated users, who possess entry edit privileges, to modify asset information without appropriate authorization. This flaw exists in Devolutions Server version 2026.1.19 and earlier, posing significant risks to asset management integrity. Users are advised to review their permissions and update to the latest version to mitigate potential security issues.

Affected Version(s)

Server 0 <= 2026.1.19

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.