CVE-2026-1768 | THREATINT

Description

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.

PUBLISHED Reserved 2026-02-02 | Published 2026-02-24 | Updated 2026-02-24 | Assigner DEVOLUTIONS

Problem types

CWE-863 Incorrect Authorization

Product status

Default status

unaffected

Any version before 2025.3.15

affected

References

devolutions.net/security/advisories/DEVO-2026-0004/

cve.org (CVE-2026-1768)

nvd.nist.gov (CVE-2026-1768)

Download JSON