CVE-2026-4927
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Description
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request.
This issue affects Server: from 2026.1.6 through 2026.1.11.
This issue affects Server: from 2026.1.6 through 2026.1.11.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-201
Source
NVD
Vendor
devolutions
Product
devolutions_server
Discussion (0)
Add Comment
No comments yet. Be the first!