Back to overview

CVE-2026-14536

Description
Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value.

Metadata

CVE ID
CVE-2026-14536
State
PUBLISHED
Assigner
DEVOLUTIONS
Reserved
2026-07-03 00:08 UTC
Published
2026-07-06 19:23 UTC
Last updated
2026-07-06 19:23 UTC
Vendor / Product
Devolutions / Server
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Devolutions Server 2026.2.4 < 2026.2.9
Weakness (CWE)
CWESourceDescription
cna cwe-693
Back to overview