CVE-2026-4927

Medium CVSS: 6.5

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request.

This issue affects Server: from 2026.1.6 through 2026.1.11.

Vendor

Devolutions

Product

Devolutions Server

CWE

CWE-201

Yayın Tarihi

2026-04-01 16:23:51

Güncelleme

2026-04-03 19:14:03

Source Identifier

security@devolutions.net

KEV Date Added

Kategoriler

CWE-201 Devolutions Server MEDIUM Devolutions 2026

Referanslar

https://devolutions.net/security/advisories/DEVO-2026-0010

Benzer Kayıtlar

Medium

CVE-2026-5175

Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenti…

High

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote att…

Medium

CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an…

High

CVE-2026-4924

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier all…

Medium

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administra…

Medium

CVE-2026-4989

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticate…