CVE-2026-4828

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request.

1390

Weak Authentication

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific

View CWE Details

https://devolutions.net/security/advisories/DEVO-2026-0010

CVE-2026-4828

Description

Weak Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter