5.9
Devolutions Server deleted users and roles can be restored by low-privileged users
CVE-2026-3638
Summary
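A missing authorization check in the user and role restore API endpoints of Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles with crafted API requests. Deleted users and roles can therefore be restored, accidentally or maliciously, by someone who should not be able to do so. Update to the latest version to prevent this from happening.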
Original title
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafte...
Original description
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.
Vulnerability type
CWE-862
Missing Authorization
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026