CVE-2026-3221

EUVD-2026-8707
Sensitive
 user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with 
access to the database to obtain sensitive user 
information via direct database access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
devolutionsdevolutions_server
𝑥
< 2025.3.15.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2026-0004/