What is GHSA-3q36-9rmf-ffj7?

GHSA-3q36-9rmf-ffj7 is a security advisory published by GitHub Security Advisories with Medium severity. Improper access control in the entry activity log feature in Devolutions Server allows an...

Which CVE IDs does GHSA-3q36-9rmf-ffj7 cover?

GHSA-3q36-9rmf-ffj7 covers the following CVE IDs: CVE-2026-5171. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3q36-9rmf-ffj7?

GHSA-3q36-9rmf-ffj7 has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-3q36-9rmf-ffj7MediumCVSS 4.3

Improper access control in the entry activity log feature in Devolutions Server allows an...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-5171 →

📋 Description

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request.

This issue affects :

Devolutions Server 2026.1.6.0 through 2026.1.16.0
Devolutions Server 2025.3.20.0 and earlier

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-5171
https://devolutions.net/security/advisories/DEVO-2026-0013
https://github.com/advisories/GHSA-3q36-9rmf-ffj7