CVE-2026-3221

CVE-2026-3221

Vendor Devolutions
Product Server
Weakness CWE-312 · Cleartext storage
Published February 25, 2026
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access.

Key dates

02Disclosure timeline

February 25, 2026 CVE published
February 26, 2026 Record updated