CVE-2026-1768
Received Received - Intake
Permission Cache Poisoning in Devolutions Server Enables Access Bypass

Publication date: 2026-02-24

Last updated on: 2026-02-26

Assigner: Devolutions Inc.

Description
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1768
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
devolutions devolutions_server to 2025.3.15.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1768 is a permission cache poisoning vulnerability in Devolutions Server that allows authenticated users to bypass permission checks.

This means that users who have logged in can exploit this flaw to gain unauthorized access to entries they should not be able to see or modify.

The vulnerability affects versions of Devolutions Server before 2025.3.15.

Impact Analysis

This vulnerability can have a significant impact on confidentiality and integrity within Devolutions Server.

Authenticated users exploiting this issue can bypass access controls, potentially viewing or modifying sensitive entries without proper authorization.

Such unauthorized access can lead to data breaches, unauthorized data manipulation, and compromise of system trust.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the permission cache poisoning vulnerability in Devolutions Server (CVE-2026-1768), you should upgrade your Devolutions Server to version 2025.3.15 or later.

This upgrade addresses the security issue by fixing the authorization bypass that allows authenticated users to bypass permissions and access unauthorized entries.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1768. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart