Security Advisory

CVE-2026-9248

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-22 15:22:31

Last updated 2026-05-22 16:56:44

Assigner DEVOLUTIONS

State PUBLISHED

Description

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier

← Browse all CVEs View on cve.org ↗