MAIN MENU

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

DEVO-2026-0023

Devolutions Server is affected by an improper enforcement of multi-factor authentication policy vulnerability.

Affected Products

Devolutions Server
2026.2.4.0 through 2026.2.9.0

Change Log

Initial publication - 2026-07-06

Improper enforcement of multi-factor authentication policy

7.6 High - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value.

CVE(s)

CVE-2026-14536

Remediation and Workarounds

Upgrade to Devolutions Server 2026.2.11.0 or higher.