CVE Catalog

CVE-2026-10786

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

6th percentile - higher than 6% of all known CVEs

Summary

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.

Risk Assessment

The organization may be exposed to the leakage of sensitive data, potentially leading to further attacks on systems and resources. Low-privileged users could gain access to sensitive information, increasing the risk of security breaches.

Recommendation

It is recommended to update Devolutions Server to the latest version to mitigate this vulnerability. Additionally, conduct a user privilege audit and monitor API requests for potential abuse.

Original NVD description (English source)

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : * Devolutions Server 2026.2.4.0 * Devolutions Server 2026.1.20.0 and earlier

Vulnerability data from NVD (NIST) · CISA KEV · EPSS