Back to CVE List

CVE-2026-5171

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request.

This issue affects :

* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and earlier

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-284
Source
NVD
Vendor
devolutions
Product
devolutions_server

External References

Discussion (0)

Add Comment

No comments yet. Be the first!