CVE-2026-3131

MEDIUM 6.5

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.

CWE	CWE-200
Vendor	devolutions
Product	server
Published	Feb 24, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for devolutions server

Be the first to know when new medium vulnerabilities affecting devolutions server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Devolutions / Server

0 < 2025.3.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0004/