Back to search
CVE-2026-4927
Published: Apr 1, 2026
Modified: Apr 1, 2026
PUBLISHED
Description
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11.
| Vendor | Product | Versions |
|---|---|---|
Devolutions | Server | affected 2026.1.6 - <= 2026.1.11 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now