CVE-2026-9246

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request.

This issue affects :

Devolutions Server 2026.1.6.0 through 2026.1.16.0
Devolutions Server 2025.3.20.0 and earlier

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-9246

Affected Products

Server

CVE-2026-9246

Weakness Enumeration

Related Identifiers

Affected Products

References · 1