CVE-2026-3638
EUVD-2026-1034809.03.2026, 19:16
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| devolutions | devolutions_server | 𝑥 < 2025.3.12.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration