๐Ÿ” CVE Alert

CVE-2026-14536

HIGH 7.3
CVSS Score
7.3
EPSS Score
0.3%
EPSS Percentile
20th

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value.

Vendor devolutions
Product server
Published Jul 6, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for devolutions server

Be the first to know when new high vulnerabilities affecting devolutions server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Devolutions / Server
2026.2.4 < 2026.2.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0023/