PT-2026-22828 · Devolutions · Devolutions Server
Published: 2026-03-03 · Updated: 2026-03-04
CVE-2026-3130
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Devolutions Server versions 2025.3.15 and earlier
Description
An issue exists in Devolutions Server where improper enforcement of behavioral controls can allow an authenticated attacker with delete permission to remove a Privileged Access Management (PAM) account that is currently in use. This occurs when the attacker selects the checked-out account along with at least one account that is not checked out and performs a bulk deletion operation.
Recommendations
Versions prior to 2025.3.15 should be updated.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Devolutions Server