Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through 2026.1.11, from 2025.3.1 through 2025.3.17.
AnalysisAI
Server-side request forgery (SSRF) in Devolutions Server gateway health check feature allows low-privileged authenticated users to bypass input validation and trigger arbitrary requests, potentially disclosing sensitive information from internal systems or network resources. Affected versions are 2026.1.1-2026.1.11 and 2025.3.1-2025.3.17. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in the gateway health check API endpoint, a feature used to validate connectivity and status of backend gateway services. The root cause is improper input validation (CWE-918: Server-Side Request Forgery) that fails to restrict the target URL or resource that the health check mechanism can contact. Because the health check runs in the context of the Devolutions Server process (which typically has network access to internal systems), an attacker can craft malicious API requests to cause the server to issue HTTP requests to internal IP ranges, localhost services, or cloud metadata endpoints-bypassing network segmentation and revealing configuration, credentials, or other sensitive data. The CPE indicates all versions of Devolutions Server are potentially affected within the specified ranges.
RemediationAI
Upgrade Devolutions Server to a patched version released after 2026.1.11 or 2025.3.17 (exact fix versions are not specified in available data, so consult the vendor advisory at https://devolutions.net/security/advisories/DEVO-2026-0010 for the specific recommended upgrade path). As an interim measure, restrict API access to the gateway health check endpoint to trusted administrative users, implement network-level controls to limit outbound requests from the Devolutions Server process to designated gateways only, and monitor API logs for suspicious health check requests containing unusual or internal IP addresses. Patch availability and exact fix versions should be confirmed directly with Devolutions through their security advisory.
Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injectio
Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any oth
Provider service users in Bitwarden Server Cloud can hijack arbitrary organizations via unauthorized API endpoint access
NoMachine Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack compl
NoMachine Server is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack comple
Authentication bypass in Bitwarden Server versions prior to 2026.4.1 allows authenticated users with SCIM management pri
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to sen
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to
Privilege escalation in self-hosted Bitwarden Server before 2026.5.0 lets an authenticated organization member holding a
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" paramet
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical se
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17929
GHSA-w89v-w2pq-cc25