Platform
other
Component
devolutions-server
Fixed in
2025.3.16
CVE-2026-3224 is an authentication bypass in Devolutions Server versions up to and including 2025.3.15.0. When Microsoft Entra ID (Azure AD) is used as the identity provider, an attacker who can forge a JSON Web Token (JWT) can authenticate to Devolutions Server as an arbitrary user of the Entra ID tenant. The vendor has fixed the issue in version 2025.3.16.
The impact is significant because the bypass removes the authentication layer entirely rather than weakening it. An attacker who forges a JWT chooses which identity to assume, so any account in the tenant, including Devolutions Server administrators, can be impersonated; this exposes the credentials and privileged access the server manages and allows administrative actions, which can lead to data breaches, compromise of downstream systems, and disruption of operations. No valid Entra ID credentials are required: the attacker only needs network access to the Devolutions Server login endpoint, knowledge of the target tenant, and the user identity to place in the forged token.
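The advisory does not say which validation step Devolutions Server got wrong, so the following is an added, constructed illustration rather than the vendor's code or the actual root cause: a toy relying party with a weak token check that honours the token's own `alg` header (the classic `alg: none` forgery route, used here only as an example) next to a hardened check that pins the algorithm and verifies signature, issuer, audience, tenant and validity window. Real Entra ID tokens are RS256-signed and must be verified against the tenant's published JWKS; an HS256 shared secret stands in for that here so the example runs offline with the standard library. The tenant ID, client ID, usernames and clock value are all constructed.

```python
"""Toy relying party: weak vs. hardened validation of an identity-provider JWT.

Constructed example, not Devolutions code and not the real CVE-2026-3224 root
cause. HS256 with a demo secret stands in for Entra ID's RS256/JWKS.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TENANT_ID = "00000000-0000-0000-0000-000000000000"  # constructed tenant id
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # constructed app registration (audience)
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
DEMO_SECRET = b"demo-only-shared-secret"            # stand-in for the IdP signing key
NOW = 1_772_500_000                                 # fixed clock for the demo


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(claims: dict, alg: str, key: Optional[bytes]) -> str:
    """Build a compact JWT; alg 'none' yields an empty signature (attacker's forgery)."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    if alg == "none":
        sig = b""
    elif alg == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    else:
        raise ValueError(f"unsupported alg {alg}")
    return f"{signing_input}.{b64url_encode(sig)}"


def parse(token: str):
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s), f"{h}.{p}"


def weak_accept(token: str) -> Optional[str]:
    """Vulnerable pattern: lets the token's own header decide whether a signature
    is checked, so 'alg: none' is accepted and the claims are trusted as-is."""
    header, claims, sig, signing_input = parse(token)
    if header.get("alg") == "HS256":
        expected = hmac.new(DEMO_SECRET, signing_input.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None
    # any other alg (including 'none') falls through unverified
    if claims.get("iss") != ISSUER:
        return None
    return claims.get("preferred_username")


def hardened_accept(token: str, now: Optional[float] = None) -> Optional[str]:
    """Pinned algorithm, mandatory signature check, then iss/aud/tid and time window."""
    now = time.time() if now is None else now
    header, claims, sig, signing_input = parse(token)
    if header.get("alg") != "HS256":          # allowlist; never let the token choose
        return None
    expected = hmac.new(DEMO_SECRET, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if (claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID
            or claims.get("tid") != TENANT_ID):
        return None
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        return None
    return claims.get("preferred_username")


LEGIT_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "tid": TENANT_ID,
                "preferred_username": "alice@example.test", "nbf": NOW - 60, "exp": NOW + 3600}
FORGED_CLAIMS = dict(LEGIT_CLAIMS, preferred_username="admin@example.test")

LEGIT_TOKEN = make_token(LEGIT_CLAIMS, "HS256", DEMO_SECRET)   # issued by the "IdP"
FORGED_TOKEN = make_token(FORGED_CLAIMS, "none", None)         # attacker holds no key


def demo() -> dict:
    return {
        "weak_legit": weak_accept(LEGIT_TOKEN),
        "weak_forged": weak_accept(FORGED_TOKEN),        # impersonation succeeds
        "hardened_legit": hardened_accept(LEGIT_TOKEN, NOW),
        "hardened_forged": hardened_accept(FORGED_TOKEN, NOW),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the weak path illustrates is that a relying party must decide for itself which algorithm and which key are acceptable; once the token header is allowed to influence that decision, the signature is no longer a barrier and every other claim becomes attacker-controlled.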
CVE-2026-3224 was publicly disclosed on 2026-03-03. No public proof-of-concept exploit is known at the time of writing. The EPSS score is 0.05% (16th percentile), a low predicted probability of exploitation in the next 30 days that will rise if a public exploit appears. Monitor CISA's Known Exploited Vulnerabilities catalog and Devolutions advisories for reports of active exploitation.
Any organization running Devolutions Server 2025.3.15.0 or earlier with Microsoft Entra ID (Azure AD) sign-in enabled is exposed. Because Devolutions Server typically holds privileged credentials and remote-access configurations, a bypass there extends to every system whose credentials it stores. Hosted or shared deployments are harder to protect in the interim, since the customer may not control the server's authentication configuration or its upgrade schedule.
disclosure
Exploit Status
EPSS
0.05% (16th percentile)
The primary mitigation is to upgrade Devolutions Server to 2025.3.16 or later. If the upgrade must be delayed, temporarily disabling Entra ID sign-in in Devolutions Server and falling back to another configured authentication method removes the vulnerable path (a general measure, not a vendor-stated workaround), and restricting network access to the login endpoint to trusted ranges reduces exposure. Keep the Entra ID application permissions minimal. Note that a forged token never passes through Entra ID: Conditional Access and other Entra ID policies cannot reject it, and it leaves no Entra ID sign-in event. Detection therefore means comparing Devolutions Server's own login records for Entra ID sign-ins against the Entra ID sign-in log and treating any Devolutions login without a matching Entra ID sign-in as suspicious. After upgrading, confirm the fix by presenting tokens that are unsigned, signed with the wrong key, or altered after signing; each must be rejected.
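The correlation described above, as an added example that is not part of the original advisory: it joins Devolutions Server login records with Entra ID sign-in log entries and flags any Entra ID login to Devolutions Server that has no successful Entra ID sign-in for the same user to the Devolutions app within the preceding five minutes. Both inputs are constructed: the Entra ID records use a subset of the real sign-in log fields (`userPrincipalName`, `createdDateTime`, `appDisplayName`, `status.errorCode`), while the Devolutions Server export format, the `Devolutions Server` app display name, the users and the timestamps are hypothetical.

```python
"""Flag Devolutions Server Entra ID logins with no matching Entra ID sign-in.

Constructed example. A token forged outside the IdP is used at the relying
party but never appears in the IdP's sign-in log, so the mismatch is the signal.
"""
import json
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)     # a legitimate token is used shortly after issuance
DVLS_APP = "Devolutions Server"   # constructed appDisplayName of the DVLS app registration

# Constructed Devolutions Server login export (hypothetical field names)
DVLS_LOGINS = """\
{"time": "2026-03-04T09:00:12Z", "user": "alice@example.test", "method": "EntraID", "src_ip": "10.0.0.5"}
{"time": "2026-03-04T09:03:40Z", "user": "admin@example.test", "method": "EntraID", "src_ip": "203.0.113.7"}
{"time": "2026-03-04T09:05:02Z", "user": "bob@example.test", "method": "Local", "src_ip": "10.0.0.9"}
"""

# Constructed Entra ID sign-in log entries (subset of the real schema)
ENTRA_SIGNINS = """\
{"createdDateTime": "2026-03-04T08:59:58Z", "userPrincipalName": "alice@example.test", "appDisplayName": "Devolutions Server", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-04T08:30:00Z", "userPrincipalName": "admin@example.test", "appDisplayName": "Office 365", "status": {"errorCode": 0}}
"""


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_jsonl(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_unmatched_logins(dvls_text: str = DVLS_LOGINS, entra_text: str = ENTRA_SIGNINS) -> list:
    """Return DVLS logins via Entra ID that lack a successful Entra ID sign-in
    for the same user to the DVLS app within WINDOW before the login."""
    by_user = {}
    for s in load_jsonl(entra_text):
        if s["appDisplayName"] != DVLS_APP or s["status"]["errorCode"] != 0:
            continue   # only successful sign-ins to the DVLS app can explain a DVLS login
        by_user.setdefault(s["userPrincipalName"].lower(), []).append(_ts(s["createdDateTime"]))

    suspicious = []
    for login in load_jsonl(dvls_text):
        if login["method"] != "EntraID":
            continue   # local or other methods are out of scope for this bypass
        t = _ts(login["time"])
        candidates = by_user.get(login["user"].lower(), [])
        if not any(t - WINDOW <= issued <= t for issued in candidates):
            suspicious.append(login)
    return suspicious


if __name__ == "__main__":
    for hit in find_unmatched_logins():
        print(f"SUSPICIOUS: {hit['user']} via Entra ID at {hit['time']} from {hit['src_ip']} "
              f"with no Entra ID sign-in to {DVLS_APP!r} in the previous {WINDOW}")
```

Two caveats: the window must be tuned to how long the deployment legitimately caches or refreshes tokens, and the check cannot catch a forged token for a user who happened to sign in legitimately within the window, so it is a detection aid to run until the upgrade is complete, not a substitute for it.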
Update Devolutions Server to a version later than 2025.3.15.0 (2025.3.16 or newer) to remediate the authentication bypass. This prevents unauthenticated users from authenticating as arbitrary Entra ID users.
CVE-2026-3224 is a vulnerability in Devolutions Server versions up to and including 2025.3.15.0 that allows an attacker to bypass Entra ID authentication and impersonate any tenant user with a forged JWT.
If you are using Devolutions Server version 2025.3.15.0 or earlier and utilize Microsoft Entra ID (Azure AD) authentication, you are potentially affected by this vulnerability.
Upgrade Devolutions Server to 2025.3.16 or later. Until then, apply temporary measures such as disabling Entra ID sign-in where another authentication method is available, keeping Entra ID application permissions minimal, and correlating Devolutions Server logins against the Entra ID sign-in log.
As of the disclosure date (2026-03-03) there are no confirmed reports of active exploitation, but the bypass requires no credentials, so apply the patch promptly.
Refer to the official Devolutions security advisory page for the latest information and updates regarding CVE-2026-3224.