๐Ÿ” CVE Alert

CVE-2026-9224

MEDIUM 4.3
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier

CWE CWE-862
Vendor devolutions
Product server
Published May 22, 2026
Last Updated May 22, 2026
Stay Ahead of the Next One

Get instant alerts for devolutions server

Be the first to know when new medium vulnerabilities affecting devolutions server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Devolutions / Server
2026.1.6.0 โ‰ค 2026.1.16.0 0 โ‰ค 2025.3.20.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0013/