CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA) configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.2%

CVSS Severity

CVSS v3 Score 5.0

References

https://devolutions.net/security/advisories/DEVO-2026-0010

Products affected by CVE-2026-4925

Devolutions » Devolutions Server » Version: 2026.1.11.0

cpe:2.3:a:devolutions:devolutions_server:2026.1.11.0
Devolutions » Devolutions Server » Version: 2026.1.6.0

cpe:2.3:a:devolutions:devolutions_server:2026.1.6.0
Devolutions » Devolutions Server » Version: 2026.1.7.0

cpe:2.3:a:devolutions:devolutions_server:2026.1.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4925

Products

Pricing

Contact Us