CVE-2026-9247
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2026-05-22
Last updated on: 2026-05-22
Assigner: Devolutions Inc.
Description
Description
Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to administrators via a crafted export request.
This issue affects :
* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and earlier
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | devolutions_server | to 2025.3.22.0 (exc) |
| devolutions | devolutions_server | From 2026.1.6.0 (inc) to 2026.1.19.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-778 | When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70