4.3

CVE-2026-5146

EPSS 0.16%
Veröffentlicht 12.05.2026 17:28:21
Zuletzt bearbeitet 26.05.2026 12:51:35
Quelle security@devolutions.net
CVE-Watchlists
Login
Unerledigt
Login

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation.



This issue affects the following versions :

  *  

Devolutions Server 2026.1.6.0 through 2026.1.15.0


  *  

Devolutions Server 2025.3.19.0 and earlier

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Devolutions ≫ Devolutions Server Version < 2025.3.20.0

Devolutions ≫ Devolutions Server Version >= 2026.1.6.0 < 2026.1.16.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://devolutions.net/security/advisories/DEVO-2026-0012

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-5146

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5146

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5146

EUVD