Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Devolutions Server 2025.3.14.0 and earlier: Sensitive Data Exposure
CVE-2026-3131
Summary
Devolusions Server's REST API has a security issue that allows users with limited permissions to access sensitive information about connections. This could potentially let someone see private data they shouldn't. Update to the latest version to fix this.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| devolutions | devolutions_server | <= 2025.3.15.0 | – |
Original title
Improper
access control in multiple DVLS REST API endpoints in Devolutions
Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
Original description
Improper
access control in multiple DVLS REST API endpoints in Devolutions
Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
access control in multiple DVLS REST API endpoints in Devolutions
Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
nvd CVSS3.1
6.5
Vulnerability type
CWE-200
Information Exposure
- https://devolutions.net/security/advisories/DEVO-2026-0004/ Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026