CVE-2026-1007

Description

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

None

Affected products

Devolutions / Server2025.3.1 – 2025.3.12

References

VENDOR_ADVISORYhttps://devolutions.net/security/advisories/DEVO-2026-0003/