CVE-2026-4924

HIGH EPSS 24.4%

Published Apr 1, 20262mo ago · Modified Jun 17, 20261w ago

8.2 CVSS 3.1

High

Published Apr 1, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session token.

CVSS Details

Base Score

8.2

Exploitability

1.8

Impact

5.8

Vector string

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

24.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-1390

Affected Products 2

Vendor	Product	Version	Range
devolutions	devolutions_server	*	<2025.3.18.0
devolutions	devolutions_server	*	≥2026.1.1.0 – <2026.1.12.0

References 1

devolutions.net https://devolutions.net/security/advisories/DEVO-2026-0010

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.