Skip to main content

Hub Reporting Service

1 CVEs product

Monthly

CVE-2026-4396 HIGH This Week

Devolutions Hub Reporting Service versions 2025.3.1.1 and earlier contain improper certificate validation that disables TLS certificate verification, enabling network attackers to intercept and manipulate encrypted communications. An unauthenticated attacker on the network can conduct man-in-the-middle (MITM) attacks to eavesdrop on sensitive data exchanges or inject malicious content. While no CVSS score or EPSS probability is currently available, the vulnerability's classification under CWE-295 (Improper Certificate Validation) indicates a cryptographic bypass with potentially severe information disclosure implications.

Information Disclosure Hub Reporting Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH This Week

Devolutions Hub Reporting Service versions 2025.3.1.1 and earlier contain improper certificate validation that disables TLS certificate verification, enabling network attackers to intercept and manipulate encrypted communications. An unauthenticated attacker on the network can conduct man-in-the-middle (MITM) attacks to eavesdrop on sensitive data exchanges or inject malicious content. While no CVSS score or EPSS probability is currently available, the vulnerability's classification under CWE-295 (Improper Certificate Validation) indicates a cryptographic bypass with potentially severe information disclosure implications.

Information Disclosure Hub Reporting Service
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy