CVE-2026-4396

Published: Mar 18, 2026 Last Modified: Mar 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,3

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: low

Description

AI Translation Available

Improper certificate validation in Devolutions Hub Reporting Service
2025.3.1.1 and earlier allows a network attacker to perform a
man-in-the-middle attack via disabled TLS certificate verification.

295

Improper Certificate Validation

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Authentication

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: Mobile, Not Technology-Specific, Web Based

View CWE Details

https://devolutions.net/security/advisories/DEVO-2026-0009/

CVE-2026-4396

Description

Improper Certificate Validation

Common Consequences

Applicable Platforms

Iscriviti alla newsletter