CVE-2026-9590
Improper Access Control in Devolutions Server
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: Devolutions Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | server | 2026.1.19 |
| devolutions | server | to 2026.2.4 (exc) |
| devolutions | server | From 2026.1.20 (inc) |
| devolutions | server | From 2026.2.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue in the permission validation component of Devolutions Server version 2026.1.19 and earlier. It allows an authenticated user who has entry edit privileges to modify asset information without having the required permission to do so.
How can this vulnerability impact me? :
The impact of this vulnerability is that users with certain privileges can modify asset information without proper authorization. This could lead to unauthorized changes in critical asset data, potentially compromising the integrity and reliability of the system's asset management.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in Devolutions Server 2026.1.19 and earlier, you should upgrade to Devolutions Server version 2026.1.20 or later, or 2026.2.4 or later.