CVE-2026-4924

HIGH 8.2

CVSS Score

8.2

EPSS Score

0.0%

EPSS Percentile

0th

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session token.

CWE	CWE-1390
Vendor	devolutions
Product	server
Published	Apr 1, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for devolutions server

Be the first to know when new high vulnerabilities affecting devolutions server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Devolutions / Server

0 ≤ 2026.1.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0010