CVE-2026-4927
MEDIUM 6.5
Description
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users' OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11.
CVE Details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 4/1/2026
Last modified: 4/3/2026
Source: nvd
Honeypot sightings: 0
Affected products
devolutions:devolutions_server
Weaknesses (CWE)
CWE-201
References
https://devolutions.net/security/advisories/DEVO-2026-0010 (security@devolutions.net)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.