CVE-2026-9590
5.3 MEDIUM
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user w...
Published: 2026-06-02 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE: CWE-284
Affected products
| Vendor | Product |
|---|---|
| devolutions | devolutions_server |
Description
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-9522 — Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user wit... (5.4 MEDIUM)
- CVE-2026-5146 — Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or de... (4.3 MEDIUM)
- CVE-2026-8407 — Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissio... (4.3 MEDIUM)
Same CWE
- CVE-2026-48610 — Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
- CVE-2026-47366 — Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenti... (7.2 HIGH)
- CVE-2026-44249 — Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
- CVE-2026-45178 — Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints
- CVE-2026-45177 — Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components