ByteOS Network

CVE Vulnerability Details :

CVE-2026-7325

PUBLISHED

More Info Official Page

Assigner-DEVOLUTIONS

Assigner Org ID-bfee16bd-18e6-446c-9a65-f5b2e3d89c23

Published At-22 May, 2026 | 15:30

Updated At-22 May, 2026 | 16:48

▼CVE Numbering Authority (CNA)

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier

Affected Products

Vendor

Devolutions

Product

Server

Default Status

unaffected

Versions

Affected

From 2026.1.6.0 through 2026.1.16.0 (custom)
From 0 through 2025.3.20.0 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-918	CWE-918 Ssrf server side request forgery

Type: CWE

CWE ID: CWE-918

Description: CWE-918 Ssrf server side request forgery

References

Hyperlink	Resource
https://devolutions.net/security/advisories/DEVO-2026-0013/	N/A

Hyperlink: https://devolutions.net/security/advisories/DEVO-2026-0013/

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References