Platform
other
Component
devolutions-server
Fixed in
2026.1.12
CVE-2026-4829 is an improper authentication flaw in the external OAuth authentication flow of Devolutions Server. An already authenticated user can reuse a previously obtained session code to impersonate other users, including accounts with administrative privileges. All versions up to and including 2026.1.11 are affected; the vendor fixed the issue in 2026.1.12.
The impact is full account takeover: an attacker who exploits the flaw bypasses the normal authentication path and lands in another user's session. With an administrator's account that means reading stored credentials and other sensitive data, changing server configuration, and potentially compromising the whole Devolutions Server deployment. Being able to impersonate administrators rather than only peers is what raises the risk from lateral movement to privilege escalation. The weakness belongs to the familiar class of authentication bypasses in which a one-time code or session token is not invalidated after use or not bound to the session that initiated the flow.
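To make the flaw class concrete, the following is an added, generic illustration of OAuth authorization-code replay: a code handed back by the identity provider is accepted again later, and is not tied to the browser session that started the login. It is example code written for this page, not Devolutions Server's implementation; the class names, the `state` binding and the 60-second lifetime are assumptions, and nothing here reflects the vendor's actual internals.

```python
"""Authorization-code replay: a vulnerable code exchange beside a hardened one.

Example code added for illustration (not from Devolutions). The data model,
the `state` binding and the TTL are assumptions chosen to show the flaw class.
"""
import secrets
import time


class VulnerableExchange:
    """Codes are never consumed and never bound to the initiating session.

    Any party that obtains a code (a proxy log, a referrer leak, a shared
    browser) can present it again and receive the victim's identity.
    """

    def __init__(self):
        self.codes = {}  # code -> username

    def issue_code(self, username, state=None):
        code = secrets.token_urlsafe(16)
        self.codes[code] = username          # `state` is ignored
        return code

    def exchange(self, code, state=None):
        # Lookup only: the entry survives, so the same code works forever.
        return self.codes.get(code)


class HardenedExchange:
    """Single-use codes, short lifetime, bound to the caller's `state` value."""

    TTL_SECONDS = 60  # assumed lifetime; real providers use similar short windows

    def __init__(self, now=time.time):
        self.codes = {}  # code -> (username, state, expiry)
        self.now = now   # injectable clock so expiry can be tested deterministically

    def issue_code(self, username, state):
        code = secrets.token_urlsafe(32)
        self.codes[code] = (username, state, self.now() + self.TTL_SECONDS)
        return code

    def exchange(self, code, state):
        # pop() consumes the code on the first attempt, successful or not,
        # so a replay (or a guess) can never be retried.
        entry = self.codes.pop(code, None)
        if entry is None:
            return None
        username, bound_state, expires = entry
        if self.now() > expires:
            return None
        # Constant-time compare of the per-session state the login started with.
        if not secrets.compare_digest(bound_state, state):
            return None
        return username


def replay_scenario():
    """Victim 'admin' logs in; an attacker who captured the code replays it.

    Returns (vulnerable_replay, hardened_first_use, hardened_replay).
    """
    v = VulnerableExchange()
    code = v.issue_code("admin", state="victim-state")
    assert v.exchange(code, "victim-state") == "admin"   # legitimate login
    vulnerable_replay = v.exchange(code, "attacker-state")  # still "admin"

    h = HardenedExchange()
    code = h.issue_code("admin", state="victim-state")
    hardened_first = h.exchange(code, "victim-state")    # "admin"
    hardened_replay = h.exchange(code, "victim-state")   # None: already consumed
    return vulnerable_replay, hardened_first, hardened_replay


def wrong_state_scenario():
    """A stolen, unused code presented from a different session is rejected."""
    h = HardenedExchange()
    code = h.issue_code("admin", state="victim-state")
    return h.exchange(code, "attacker-state")


def expired_scenario():
    """A code presented after its lifetime is rejected even on first use."""
    clock = [1_000.0]
    h = HardenedExchange(now=lambda: clock[0])
    code = h.issue_code("admin", state="s")
    clock[0] += HardenedExchange.TTL_SECONDS + 1
    return h.exchange(code, "s")


if __name__ == "__main__":
    print(replay_scenario())
```

The three properties the hardened version adds are the ones to look for when auditing any custom OAuth or SSO callback: the code is consumed atomically on first presentation, it expires quickly, and it is bound to the session that began the flow so a code captured elsewhere cannot be redeemed by someone else.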
CVE-2026-4829 was publicly disclosed on April 1, 2026. No public proof-of-concept code is known at this time, and no active exploitation campaigns have been reported. The EPSS score listed on this page is 0.04% (11th percentile), a low predicted probability of in-the-wild exploitation; that figure reflects current evidence rather than impact, and because a working exploit would yield administrator access, patching should still be prioritized rather than deferred until a proof of concept appears.
Organizations that rely on Devolutions Server as their password vault or for other sensitive data are most exposed, and only deployments that have the external OAuth authentication flow enabled are reachable by this flaw. Large shared instances serving many users are at higher risk, since any single compromised account is a foothold from which every other user, including administrators, can be impersonated.
Exploit status
disclosure
EPSS
0.04% (11th percentile)
The primary mitigation for CVE-2026-4829 is to upgrade Devolutions Server to 2026.1.12 or later, where the vendor has corrected the authentication handling in the OAuth flow. Until the upgrade is applied, disable the external OAuth authentication flow if it is not required, and review the remaining OAuth configuration for sound settings. Monitor Devolutions Server authentication logs for anomalies such as the same session code being presented more than once, or a single login flow resolving to a different user or source address than the one that started it. A WAF cannot fix the server-side logic, but it can be used to alert on or rate-limit repeated callback requests carrying the same code.
Upgrade Devolutions Server to a version later than 2026.1.11 to fix the improper authentication vulnerability in the external OAuth authentication flow. This prevents reuse of session codes and impersonation of users, including administrators.
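The log monitoring suggested above can be automated. The following is an added example, not part of the original page and not a Devolutions tool: it assumes a constructed, simplified line format for OAuth callback events (timestamp, code, resolved user, source address, result) and flags any code that is redeemed more than once, reporting whether the replay resolved to a different user or came from a different address. The sample lines are constructed for the example; a real deployment would adapt the regular expression to the server's actual log format.

```python
"""Replay detection over OAuth callback log lines (added example, constructed
log format; not Devolutions Server's real log schema)."""
import re
from collections import defaultdict

# Assumed line shape. Note: logging the full code is itself a risk, so a real
# pipeline should log a truncated or hashed value; the detection is unchanged.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) oauth_callback code=(?P<code>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return a dict of fields for a callback line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_replays(lines):
    """Flag every successful redemption of a code after its first use.

    Each alert records the first redemption and the later one so an analyst
    can see at a glance whether the replay landed in another user's session
    (user_changed) or originated elsewhere (src_changed).
    """
    by_code = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue  # failed attempts are noise here; they never yield a session
        by_code[ev["code"]].append(ev)

    alerts = []
    for code, events in by_code.items():
        first = events[0]
        for later in events[1:]:
            alerts.append({
                "code": code,
                "first_ts": first["ts"], "first_user": first["user"], "first_src": first["src"],
                "replay_ts": later["ts"], "replay_user": later["user"], "replay_src": later["src"],
                "user_changed": later["user"] != first["user"],
                "src_changed": later["src"] != first["src"],
            })
    return alerts


# Constructed sample: one normal login, one failed attempt, and one code that
# is redeemed a second time from another address and resolves to the admin.
SAMPLE_LOG = [
    "2026-04-01T10:00:01Z oauth_callback code=a1f3 user=alice src=10.0.0.5 result=success",
    "2026-04-01T10:00:09Z oauth_callback code=zz99 user=- src=10.0.0.9 result=failure",
    "2026-04-01T10:01:30Z oauth_callback code=7c2e user=admin src=10.0.0.7 result=success",
    "2026-04-01T10:15:02Z oauth_callback code=7c2e user=admin src=10.0.0.42 result=success",
    "unrelated line that the parser should skip",
]

if __name__ == "__main__":
    for alert in find_replays(SAMPLE_LOG):
        print(alert)
```

Feed the function your own exported callback events; any alert with `src_changed` or `user_changed` set deserves an immediate look, and a burst of alerts for one code after the patch date would indicate an attempt against a still-unpatched server.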
CVE-2026-4829 is an improper authentication vulnerability in Devolutions Server that lets an authenticated user reuse an OAuth session code to impersonate other users, including administrators, leading to account takeover. A severity rating is pending evaluation.
You are potentially affected if you run any Devolutions Server version up to and including 2026.1.11 and have the external OAuth authentication flow enabled.
Upgrade Devolutions Server to 2026.1.12 or a later release from the vendor; the Devolutions website lists the current version and installation instructions.
No active exploitation has been confirmed so far. The consequence of a working exploit would be severe, since it grants administrator-level access, so do not wait for a public proof of concept before patching.
Refer to the official Devolutions security advisory for CVE-2026-4829 on the vendor's website for details and updates.