Improper Access Control in Devolutions Server Affects Asset Management
CVE-2026-9590

Currently unrated

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 2 June 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-9590?

An improper access control vulnerability in the permission validation component of Devolutions Server allows authenticated users, who possess entry edit privileges, to modify asset information without appropriate authorization. This flaw exists in Devolutions Server version 2026.1.19 and earlier, posing significant risks to asset management integrity. Users are advised to review their permissions and update to the latest version to mitigate potential security issues.

Affected Version(s)

Server 0 <= 2026.1.19

References

https://devolutions.net/security/advisories/DEVO-2026-0014/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
May 26, 2026

CVE-2026-9590 Data

JSON