What the vulnerability does
01Description
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.
CVSS base score
—
Key dates
02Disclosure timeline
February 24, 2026
CVE published
February 26, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-48911 OpenCanary Executes Commands From Potentially Writable Config File
CVE-2025-59824 Omni Wireguard SideroLink potential escape
CVE-2024-45328
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
CVE-2023-4317 Incorrect Authorization in GitLab
