CVE-2026-15641
N/A
N/A
Summary
Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Devolutions | Server | 0 < 2026.1.23 | affected |
| Devolutions | Server | 0 < 2026.2.12 | affected |
Weaknesses
- CWE-863: CWE-863
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.