Back to overview

CVE-2026-15641

Description
Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review.

Metadata

CVE ID
CVE-2026-15641
State
PUBLISHED
Assigner
DEVOLUTIONS
Reserved
2026-07-13 18:21 UTC
Published
2026-07-14 18:09 UTC
Last updated
2026-07-14 18:09 UTC
Primary CWE
CWE-863
CWE-863
Vendor / Product
Devolutions / Server
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Devolutions Server 0 < 2026.1.23, 0 < 2026.2.12
Weakness (CWE)
CWESourceDescription
CWE-863 cna CWE-863
Back to overview