CVE-2026-3131 - AskarLabs CVE Database

CVE-2026-3131

Vendor Devolutions

Product Server

Weakness CWE-200 · Info exposure

Published February 24, 2026

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.

Key dates

02Disclosure timeline

February 24, 2026 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-3131

Related vulnerabilities

04Related CVE

CVE-2024-39527 Junos OS: SRX Series: Low privileged user able to access sensitive information on file system CVE-2023-6136 WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure CVE-2022-33919 CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash