HIGHCVE-2026-1007Published 2026-01-19Modified 2026-01-20CNA DEVOLUTIONS

CVE-2026-1007: Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.

CVSS v3.1: 7.6
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Devolutions / Server
≤ 2025.3.12

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N

References

devolutions.net

Metrics