CVE-2026-9590 | Improper access control in the permission validation compone… | CVSS 5.3 MEDIUM

Description

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission.

Metadata

CVE ID: CVE-2026-9590
State: PUBLISHED
Assigner: DEVOLUTIONS
Reserved: 2026-05-26 13:26 UTC
Published: 2026-06-02 14:07 UTC
Last updated: 2026-06-02 19:39 UTC
Primary CWE: CWE-284
CWE-284 Improper Access Control
Vendor / Product: Devolutions / Server
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Devolutions	Server	—	0 ≤ 2026.1.19

Weakness (CWE)

CWE	Source	Description
CWE-284	adp	CWE-284 Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (1)

https://devolutions.net/security/advisories/DEVO-2026-0014/