Devolutions · Devolutions Server · CVE-2026-3131
**Name of the Vulnerable Software and Affected Versions**
Devolutions Server versions 2025.3.14.0 and earlier
**Description**
An issue exists in Devolutions Server where improper access control in several DVLS REST API endpoints allows an authenticated user with view-only permissions to access sensitive connection data. The affected endpoints are not explicitly specified. The vulnerable parameters or variables are not specified.
**Recommendations**
Update Devolutions Server to a version later than 2025.3.14.0.