GHSA-r2pw-9cxh-m8mrMediumCVSS 6.5

Improper access control in the ticketing integration settings in Devolutions Server allows an...

Published
June 8, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (1)

📋 Description

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.

This issue affects :

  • Devolutions Server 2026.2.4.0
  • Devolutions Server 2026.1.20.0 and earlier

🔗 References (3)