Severity by source
CVSS vector (NVD, primary and only source for this CVE): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Base score computed from that vector: 8.2 (High). Reading the vector: network-reachable, high attack complexity, low privileges required (valid credentials), no user interaction, changed scope, high confidentiality and integrity impact, no availability impact.
Description (CVE.org)
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request.
Analysis (AI-generated)
Devolutions Server versions 2026.1.11 and earlier allow authenticated remote attackers to bypass multi-factor authentication through improper validation of OAuth login requests, enabling account takeover without second-factor verification. CISA KEV status and exploit availability not confirmed at time of analysis.
Vulnerability Assessment (AI-generated)
| Exploitation | Devolutions Server 2026.1.11 and earlier with OAuth login enabled. … |
| Risk Assessment | Although no numeric CVSS score is shown on this page, the vulnerability carries significant real-world risk: it turns any set of valid credentials (phished, stuffed, or leaked) into a full account takeover by removing the control that MFA was deployed to provide. … |
| Exploit Scenario | An attacker holding valid user credentials (e.g., obtained via phishing or credential stuffing) initiates an OAuth login to Devolutions Server. Instead of completing the multi-factor authentication prompt, the attacker sends a crafted login request that exploits improper validation in the OAuth flow, causing the server to skip or incorrectly validate the MFA check and issue a session without a second factor. … |
| Remediation | Upgrade Devolutions Server to version 2026.1.12 or later, which contains the authentication validation fix. Until then, review authentication logs for OAuth logins that completed without a corresponding MFA verification event. … |
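As an added example (constructed for this page; it is not Devolutions Server code and does not reproduce the specific defect behind this CVE, whose details are not public here), the Python below contrasts the general weakness class the assessment describes with a hardened flow. In the weak service, whether the second factor is checked depends on fields the client sends with the login request; in the hardened one, MFA completion is server-side state keyed by a one-time challenge, and a token is only ever issued from the verification step. The user store, the request field names (`mfa_verified`, `flow`), the HOTP secret (the RFC 4226 test vector) and the password hashing are assumptions made for the demonstration.

```python
# Added illustration of a CWE-1390-style MFA bypass. NOT Devolutions Server code and
# not the defect in this CVE; field names, users and secrets are assumptions for the demo.
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


@dataclass
class User:
    password_hash: bytes
    mfa_secret: bytes
    mfa_counter: int = 0


def make_users() -> dict:
    """Constructed user store; the RFC 4226 test secret makes HOTP values predictable."""
    return {"alice": User(hashlib.sha256(b"correct horse").digest(), b"12345678901234567890")}


def _password_ok(user: User, password: str) -> bool:
    return hmac.compare_digest(user.password_hash, hashlib.sha256(password.encode()).digest())


def _issue_token(username: str) -> dict:
    return {"status": "ok", "user": username, "token": secrets.token_urlsafe(24)}


class WeakAuth:
    """Weak pattern: fields in the login request decide whether the second factor is checked."""

    def __init__(self, users: dict):
        self.users = users

    def login(self, req: dict) -> dict:
        user = self.users.get(req.get("username", ""))
        if user is None or not _password_ok(user, req.get("password", "")):
            return {"status": "denied"}
        # Flaw: both conditions are attacker-controlled, so a crafted request skips MFA.
        if req.get("mfa_verified") is True or req.get("flow") == "oauth_refresh":
            return _issue_token(req["username"])
        return {"status": "mfa_required"}


class HardenedAuth:
    """Hardened pattern: MFA completion is server-side state tied to a one-time challenge id."""

    def __init__(self, users: dict):
        self.users = users
        self.pending: dict = {}  # challenge id -> username, consumed on first use

    def login(self, req: dict) -> dict:
        user = self.users.get(req.get("username", ""))
        if user is None or not _password_ok(user, req.get("password", "")):
            return {"status": "denied"}
        # Nothing the client sends influences this branch; no token is issued here.
        challenge = secrets.token_urlsafe(16)
        self.pending[challenge] = req["username"]
        return {"status": "mfa_required", "challenge": challenge}

    def verify_mfa(self, challenge: str, code: str) -> dict:
        # One-time: a wrong code burns the challenge and forces a fresh primary login.
        username = self.pending.pop(challenge, None)
        if username is None:
            return {"status": "denied"}
        user = self.users[username]
        expected = hotp(user.mfa_secret, user.mfa_counter)
        if not hmac.compare_digest(expected, code):
            return {"status": "denied"}
        user.mfa_counter += 1  # consume the counter so the same code cannot be replayed
        return _issue_token(username)


if __name__ == "__main__":
    crafted = {"username": "alice", "password": "correct horse", "mfa_verified": True}
    print("weak:", WeakAuth(make_users()).login(crafted)["status"])
    print("hardened:", HardenedAuth(make_users()).login(crafted)["status"])
```

What this models for a code review of any OAuth-plus-MFA login: no code path reachable from the primary-authentication step may issue a session; the "MFA done" fact must live in server state bound to the login attempt, never in a request parameter, header or client-held token; and the challenge that links the two steps must be single-use.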
- Provider service users in Bitwarden Server Cloud can hijack arbitrary organizations via unauthorized API endpoint access
- Authentication bypass in Bitwarden Server versions prior to 2026.4.1 allows authenticated users with SCIM management pri…
- JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel…
- Privilege escalation in self-hosted Bitwarden Server before 2026.5.0 lets an authenticated organization member holding a…
- OS command injection in MariaDB Server (CWE-78) lets an attacker achieve remote code execution on Galera cluster nodes b…
- Broken access control in Bitwarden Server before 2026.5.0 exposes organization billing data to any authenticated user vi…
- Bitwarden Server prior to v2026.4.1 allows any authenticated user to write ciphers (encrypted credentials) into arbitrar…
- Devolutions Server 2026.1.11 and earlier allows authenticated remote attackers to bypass two-factor authentication by re…
- Devolutions Server contains an improper certificate validation vulnerability in its PAM propagation WinRM connections th…
- Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version…
- Tanium addressed a local privilege escalation vulnerability in Tanium Server. [CVSS 6.7 MEDIUM]
- Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. [CVSS 6.7 MEDIUM]
Same weakness: CWE-1390 – Weak Authentication
Same technique: Authentication Bypass
EUVD-2026-17919
GHSA-g894-3pcr-4hv9