CVE-2026-10787
Vulnerability Description
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
Devolutions
Product
Server
Discussion (0)
Add Comment
No comments yet. Be the first!