CVE-2026-5171_CVE-2026-5171

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request.

This issue affects :

* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and earlier

Basic Information

ID CVE-2026-5171

Source DEVOLUTIONS

Published May 22, 2026 at 15:28

Modified May 22, 2026 at 16:50

Affected Product

Vendor Devolutions

Product Server

Version 2026.1.6.0

Affected Versions Devolutions Server 2026.1.6.0
Devolutions Server 0

CWE Classification

CWE-284

References

devolutions.net /security/advisories/DEVO-2026-0013/

{
    "lastseen": "",
    "description": "Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request.\n\nThis issue affects :\n\n  *  Devolutions Server 2026.1.6.0 through 2026.1.16.0\n  *  Devolutions Server 2025.3.20.0 and earlier",
    "published": "2026-05-22T15:28:47.611Z",
    "modified": "2026-05-22T16:50:52.887Z",
    "type": "cve",
    "title": "CVE-2026-5171",
    "source": "DEVOLUTIONS",
    "references": "https://devolutions.net/security/advisories/DEVO-2026-0013/",
    "id": "CVE-2026-5171",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Devolutions Server 2026.1.6.0\nDevolutions Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Server",
    "version": "2026.1.6.0",
    "vendor": "Devolutions",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}