CRITICAL | CVE-2026-3224 | Published | Modified | CNA: DEVOLUTIONS

CVE-2026-3224: Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025

Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).

Metrics

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in:
Affected Products: 1
Affected packages
  • Devolutions / Server ≤ 2025.3.15.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H