HIGHCVE-2026-4828Published 2026-04-01Modified 2026-04-01CNA DEVOLUTIONS

CVE-2026-4828: Improper authentication in the OAuth login functionality in Devolutions Server 2026

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request.

CVSS v3.1: 8.2
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Devolutions / Server
≤ 2026.1.11

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

References

devolutions.net

Metrics