Devolutions Server Gateway Health Check Route Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the gateway health check feature of Devolutions Server. This issue allows low-privileged authenticated users to send crafted API requests that could lead to unauthorized information disclosure. The vulnerability affects Devolutions Server versions 2026.1.1 through 2026.1.11 and 2025.3.1 through 2025.3.17.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information on the server.

Remediation

Users are advised to upgrade to Devolutions Server version 2026.1.12 or higher, or 2025.3.18 or higher.

Added: Apr 1, 2026, 4:30 PM
Updated: Apr 1, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.