Home

Description

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request.

PUBLISHED Reserved 2026-05-21 | Published 2026-05-22 | Updated 2026-05-22 | Assigner DEVOLUTIONS

Problem types

CWE-284 Improper access control

Product status

Default status
unaffected

Any version
affected

References

devolutions.net/security/advisories/DEVO-2026-0013/

cve.org (CVE-2026-9223)

nvd.nist.gov (CVE-2026-9223)

Download JSON