EUVD-2026-26049CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionNVD
Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.
Analysis
Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and incl
Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged
Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write acce
Share
External POC / Exploit Code
Leaving vuln.today