Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier.
https://devolutions.net/security/advisories/DEVO-2026-0024/
Source: Mitre, NVD
Published: 2026-07-14
Updated: 2026-07-15
Base Score: 2.1
Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.00142