Platform: other
Component: devolutions-server
Fixed version: 2025.3.16
CVE-2026-3224 describes an authentication bypass vulnerability affecting Devolutions Server versions up to 2025.3.15.0. This flaw allows an attacker to bypass authentication when using Microsoft Entra ID (Azure AD) and authenticate as an arbitrary user within the Entra ID tenant. The vulnerability stems from the ability to forge a JSON Web Token (JWT), granting unauthorized access. A fix is available in a patched version of Devolutions Server.
The impact of CVE-2026-3224 is significant due to the ease with which an attacker can gain unauthorized access. By forging a JWT, an attacker can effectively impersonate any user within the Entra ID organization, potentially gaining access to sensitive data, performing administrative actions, or escalating privileges. This could lead to data breaches, system compromise, and disruption of business operations. The ability to bypass authentication entirely removes a critical security layer, making the system highly vulnerable. Successful exploitation requires knowledge of the Entra ID tenant and the ability to craft a valid, albeit forged, JWT.
CVE-2026-3224 was publicly disclosed on 2026-03-03. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Monitor CISA and Devolutions advisories for updates regarding active exploitation campaigns.
Organizations utilizing Devolutions Server with Microsoft Entra ID (Azure AD) authentication are at risk. This includes environments relying on Devolutions Server for password management and secure access to sensitive resources. Shared hosting environments using Devolutions Server are particularly vulnerable due to potential shared infrastructure and limited control over security configurations.
Exploitation status: disclosure
EPSS: 0.05% (16th percentile)
The primary mitigation for CVE-2026-3224 is to upgrade Devolutions Server to a patched version as soon as it becomes available. Until the upgrade is possible, consider implementing temporary workarounds. Review Entra ID application permissions and restrict access to the minimum necessary. Monitor Entra ID audit logs for suspicious login attempts or JWT usage. Implement stricter JWT validation policies within Entra ID to prevent the acceptance of forged tokens. After upgrading, verify the fix by attempting to authenticate with a forged JWT; it should be rejected.
Update Devolutions Server to a version later than 2025.3.15.0 to fix the authentication bypass vulnerability. This prevents unauthenticated users from authenticating as an arbitrary Entra ID user.
CVE-2026-3224 is a vulnerability in Devolutions Server versions up to 2025.3.15.0 that allows an attacker to bypass authentication and impersonate users via forged JWTs.
If you are using Devolutions Server version 2025.3.15.0 or earlier and utilize Microsoft Entra ID (Azure AD) authentication, you are potentially affected by this vulnerability.
Upgrade Devolutions Server to a patched version as soon as it is available. Until then, implement temporary workarounds like reviewing Entra ID permissions and monitoring audit logs.
As of the current disclosure date, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly.
Refer to the official Devolutions security advisory page for the latest information and updates regarding CVE-2026-3224.