Devolutions · Devolutions Server · CVE-2026-4829
Name of the Vulnerable Software and Affected Versions
Devolutions Server versions 2026.1.11 and earlier
Description
A flaw exists in the external OAuth authentication process that permits an authenticated user to assume the identity of other users, potentially including administrators. This is achieved by reusing a session code from an external authentication flow.
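The advisory gives no implementation detail, so the following is an added illustration, not Devolutions code: a sketch of the control that session-code reuse defeats, where a code from an external login is single-use, short-lived, and bound to the session that started the flow. The class name, TTL, and sample identities are assumptions constructed for the example.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime, chosen for illustration


class SessionCodeStore:
    """Hypothetical store for codes handed back after an external login."""

    def __init__(self, now=time.monotonic):
        self._pending = {}  # code -> (initiating session id, subject, expiry)
        self._now = now

    def issue(self, initiating_session_id, external_subject):
        code = secrets.token_urlsafe(32)
        expiry = self._now() + CODE_TTL_SECONDS
        self._pending[code] = (initiating_session_id, external_subject, expiry)
        return code

    def redeem(self, code, presenting_session_id):
        # pop() consumes the code on every attempt, so a replay finds nothing
        # and a failed attempt burns the code (fail closed).
        entry = self._pending.pop(code, None)
        if entry is None:
            return None
        bound_session, subject, expiry = entry
        if self._now() > expiry:
            return None
        # The code is only valid for the session that began the flow.
        if not hmac.compare_digest(bound_session.encode(),
                                   presenting_session_id.encode()):
            return None
        return subject


def demo():
    """Constructed scenario: normal use, replay, cross-session use, expiry."""
    clock = [0.0]
    store = SessionCodeStore(now=lambda: clock[0])
    code = store.issue("sess-alice", "alice@idp.example")
    first = store.redeem(code, "sess-alice")
    replay = store.redeem(code, "sess-alice")
    admin_code = store.issue("sess-admin", "admin@idp.example")
    cross = store.redeem(admin_code, "sess-other")
    late_code = store.issue("sess-alice", "alice@idp.example")
    clock[0] = CODE_TTL_SECONDS + 1
    expired = store.redeem(late_code, "sess-alice")
    return first, replay, cross, expired
```

A multi-node deployment would need the same consume-on-read behaviour from a shared store, since an in-process dictionary only guarantees single use within one process.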
Recommendations
Update Devolutions Server to a version later than 2026.1.11.