What is the CVSS score of CVE-2026-3224?

CVE-2026-3224 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Azure are affected by CVE-2026-3224?

A critical authentication bypass vulnerability in Devolutions Server allows attackers to impersonate any Azure AD user without valid credentials, potentially granting unauthorized access to sensitive…

How to fix or mitigate CVE-2026-3224?

Within 24 hours: Identify all Devolutions Server instances using Azure AD authentication and isolate them from production networks if possible; enable enhanced logging and monitoring for authentication anomalies. Within 7 days: Implement network segmentation to restrict Devolutions Server access to authorized users only; consider disabling Azure AD authentication mode temporarily in favor of alternative authentication methods if available; conduct audit logs for unauthorized access attempts. Within 30 days: Monitor vendor communications for patch availability; evaluate alternative credential management solutions; conduct full access review of systems accessed through affected Devolutions Server instances.

Azure CVE-2026-3224

CRITICAL

Improper Authentication (CWE-287)

2026-03-03 security@devolutions.net

Azure Authentication Bypass Devolutions Server

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 03, 2026 - 22:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).

AnalysisAI

Azure AD auth bypass in Devolutions Server 2025.3.15.0 and earlier.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft forged JWT token

Delivery

Send authentication request to Devolutions Server

Exploit

Bypass Entra ID validation

Execution

Assume arbitrary user identity

Impact

Access protected resources

Access

Craft forged JWT token

Delivery

Send authentication request to Devolutions Server

Exploit

Bypass Entra ID validation

Execution

Assume arbitrary user identity

Impact

Access protected resources

Vulnerability AssessmentAI

Exploitation	Devolutions Server 2025.3.15.0 or earlier with Microsoft Entra ID (Azure AD) authentication mode enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.8. Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Bypass Azure AD authentication.
Remediation	Update. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Devolutions Server instances using Azure AD authentication and isolate them from production networks if possible; enable enhanced logging and monitoring for authentication anomalies. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-3224 vulnerability details – vuln.today

Back

Azure CVE-2026-3224

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code