What the vulnerability does

01Description

Missing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request.

Key dates

02Disclosure timeline

May 22, 2026 CVE published
May 22, 2026 Record updated