CVE-2026-10787EPSS p5.0%

CVE-2026-10787CVE-2026-10787

devolutions / devolutions_server

Description

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : * Devolutions Server 2026.2.4.0 * Devolutions Server 2026.1.20.0 and earlier

Scoring

CVSS 4.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS0.15% probability of exploitation · percentile 5.0% · 2026-06-19T12:03:05Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10786
CVE
CVE-2025-4433
CVE
CVE-2026-9522
CVE
CVE-2025-11957
CVE
CVE-2026-9590
CVE
CVE-2026-4828
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.