CVE-2026-3130
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion.
| CWE | CWE-841 |
| Vendor | devolutions |
| Product | server |
| Published | Mar 3, 2026 |
| Last Updated | Mar 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for devolutions server
Be the first to know when new critical vulnerabilities affecting devolutions server are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Devolutions / Server
0 < 2025.3.16