CVE-2026-4829

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow.

287

Improper Authentication

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

Likelihood of Exploit: High

View CWE Details

https://devolutions.net/security/advisories/DEVO-2026-0010

CVE-2026-4829

Description

Improper Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter