CVE-2026-14536
CVSS Score
7.3
EPSS Score
0.3%
EPSS Percentile
20th
Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value.
| Vendor | devolutions |
| Product | server |
| Published | Jul 6, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for devolutions server
Be the first to know when new high vulnerabilities affecting devolutions server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Devolutions / Server
2026.2.4 < 2026.2.9