Primary

Context

Devolutions Server Insufficient Logging in Entry Export Feature Notification Bypass Vulnerability

Vulnerability

Patched

A vulnerability exists in the entry export feature of Devolutions Server, specifically in versions 2026.1.6.0 through 2026.1.16.0 and 2025.3.20.0 and earlier. This vulnerability allows an authenticated user with export permissions to export a sealed entry without notifying administrators, by sending a crafted export request. The issue arises from inadequate logging when exporting sealed entries, which enables the bypass of the unseal notification workflow.

Impact

Exploitation of this vulnerability allows for the unseal notification to administrators to be bypassed when exporting sealed entries, potentially leading to unauthorized access to sensitive data without triggering the appropriate audit trail.

Remediation

Users are advised to upgrade to Devolutions Server version 2026.1.19.0 or higher, or 2025.3.22.0 or higher.

Added: May 26, 2026, 3:35 PM

Updated: May 26, 2026, 3:35 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.1

exploitability

5.2

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.1

exploitability

5.2

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions Server Insufficient Logging in Entry Export Feature Notification Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Devolutions Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating