Devolutions Server Missing Authorization Vulnerability in Vault Import Feature

Vulnerability

Devolutions Server versions through 2026.1.16.0 contain a missing authorization vulnerability in the vault import feature. A low-privileged authenticated user can create new vaults by sending a crafted import request.

Impact

Exploitation of this vulnerability allows for unauthorized creation of vaults, potentially leading to unauthorized access or management of sensitive information within those vaults.

Remediation

Users are advised to upgrade to Devolutions Server version 2026.1.19.0 or higher.
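
To check an inventory against the version boundaries stated above, the following added example (not part of the original advisory or Devolutions' own tooling) sorts hosts into affected, fixed, and undetermined. Host names and versions in the sample inventory are constructed, and builds between 2026.1.16.0 and 2026.1.19.0 are flagged for manual review because the advisory does not mention them.

```python
# Added example: version triage against this advisory's stated boundaries.
# Host names and versions in SAMPLE_INVENTORY are constructed.
LAST_AFFECTED = (2026, 1, 16, 0)  # advisory: "versions through 2026.1.16.0"
FIRST_FIXED = (2026, 1, 19, 0)    # advisory: "2026.1.19.0 or higher"


def parse_version(text):
    """Parse a dotted version into a 4-int tuple, padding short forms with 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple([int(p) for p in parts] + [0] * (4 - len(parts)))


def classify(text):
    """Return affected / fixed / undetermined / unparseable for one version."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparseable"
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # Builds between the two boundaries are not mentioned by the advisory,
    # so report them for manual review instead of assuming either state.
    return "undetermined"


def triage(inventory):
    """Group host names by status; inventory maps host -> version string."""
    result = {"affected": [], "undetermined": [], "fixed": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


SAMPLE_INVENTORY = {  # constructed data
    "dvls-prod": "2026.1.16.0",
    "dvls-dr": "2026.1.9.0",     # numerically older than 16, though "9" > "16" as text
    "dvls-test": "2026.1.17.0",
    "dvls-lab": "2026.1.19.0",
    "dvls-old": "2025.3",
    "dvls-unknown": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```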

Added: May 26, 2026, 3:38 PM
Updated: May 26, 2026, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.