PT-2026-47431 · Devolutions · Server
Published
2026-06-08
·
Updated
2026-06-08
·
CVE-2026-10787
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
This issue affects :
- Devolutions Server 2026.2.4.0
- Devolutions Server 2026.1.20.0 and earlier
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Server