Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Devolutions Server Error Message Spoofing
CVE-2026-3204
Summary
Devolutions Server versions 2025.3.16 and earlier may display a fake error message if a malicious user enters a specially crafted URL. This could trick users into revealing sensitive information or performing unintended actions. Update to the latest version of Devolutions Server to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| devolutions | devolutions_server | <= 2025.3.16.0 | – |
Original title
Improper
input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
Original description
Improper
input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
nvd CVSS3.1
9.8
Vulnerability type
CWE-20
Improper Input Validation
- https://devolutions.net/security/advisories/DEVO-2026-0005 Vendor Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026