CVE-2026-1007
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-19
Last updated on: 2026-02-10
Assigner: Devolutions Inc.
Description
Description
Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | devolutions_server | From 2025.3.1.0 (inc) to 2025.3.14.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Authorization issue in the virtual gateway component of Devolutions Server. It allows attackers to bypass deny IP rules, meaning unauthorized IP addresses that should be blocked can gain access.
How can this vulnerability impact me? :
The impact of this vulnerability is that attackers can bypass IP-based access restrictions, potentially allowing unauthorized access to the server or its resources, which could lead to security breaches.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70