CVE-2026-3204

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.

CWE	CWE-20
Vendor	devolutions
Product	server
Published	Mar 3, 2026
Last Updated	Mar 4, 2026

Stay Ahead of the Next One

Get instant alerts for devolutions server

Be the first to know when new critical vulnerabilities affecting devolutions server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Devolutions / Server

0 ≤ 2025.3.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗

devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0005