CVE-2026-5175

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests.

This issue affects Server: from 2026.1.6 through 2026.1.11.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-5175

Affected Products

Server

CVE-2026-5175

Weakness Enumeration

Related Identifiers

Affected Products

References · 2