CVE-2026-10786
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.
Risk Assessment
The organization may be exposed to the leakage of sensitive data, potentially leading to further attacks on systems and resources. Low-privileged users could gain access to sensitive information, increasing the risk of security breaches.
Recommendation
It is recommended to update Devolutions Server to the latest version to mitigate this vulnerability. Additionally, conduct a user privilege audit and monitor API requests for potential abuse.
Original NVD description (English source)
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : * Devolutions Server 2026.2.4.0 * Devolutions Server 2026.1.20.0 and earlier

