What the vulnerability does

01Description

Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.

Key dates

02Disclosure timeline

March 3, 2026 CVE published
March 4, 2026 Record updated