CVE-2026-4924

Published: Apr 01, 2026 Last Modified: Apr 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Improper
authentication in the two-factor authentication (2FA) feature in
Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid
credentials to bypass multifactor authentication and gain unauthorized
access to the victim account via reuse of a partially authenticated
session token.

1390

Weak Authentication

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Access Control
Potential Impacts:
Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific
View CWE Details
https://devolutions.net/security/advisories/DEVO-2026-0010
https://devolutions.net/security/advisories/DEVO-2026-0010