HIGHCVE-2026-4396Published 2026-03-18Modified 2026-03-18CNA DEVOLUTIONS

CVE-2026-4396: Improper certificate validation in Devolutions Hub Reporting Service

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

CVSS v3.1: 8.3
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Devolutions / Hub Reporting Service
≤ 2025.3.1.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

References

devolutions.net

Metrics