Description
Improper certificate validation in the PAM propagation WinRM connections
allows a network attacker to perform a man-in-the-middle attack via
disabled TLS certificate verification.
Published: 2026-03-20
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Man‑in‑the‑Middle via disabled TLS certificate verification
Action: Immediate Patch
AI Analysis

Impact

Improper validation of TLS certificates in Devolutions Server’s PAM WinRM connections allows an attacker to intercept network traffic and alter data. The vulnerability, identified as CWE‑295, disables certificate verification, enabling a man‑in‑the‑middle attack that compromises confidentiality and integrity of communication between the server and its clients.

Affected Systems

Devolutions:Server is the affected product. No specific version information is provided in the CVE data, so any deployed instance of Devolutions Server may be vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the likely attack vector is a network adversary capable of intercepting or forging WinRM traffic where certificate verification is disabled.

Generated by OpenCVE AI on March 30, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or update referenced in the advisory https://devolutions.net/security/advisories/DEVO-2026-0005/
  • Ensure TLS certificate verification is enabled in PAM WinRM connections
  • Verify that the configuration change has taken effect and that certificates are being validated
  • Monitor logs for signs of unauthorized WinRM connections
  • Check Devolutions’ website or support for future updates or additional guidance

Generated by OpenCVE AI on March 30, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Title Man‑in‑the‑Middle via Disabled TLS Certificate Verification in Devolutions Server PAM WinRM Connections

Mon, 30 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions devolutions Server
CPEs cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
Vendors & Products Devolutions devolutions Server

Wed, 25 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Title Man‑in‑the‑Middle via Disabled TLS Certificate Verification in Devolutions Server PAM WinRM Connections

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions
Devolutions server
Vendors & Products Devolutions
Devolutions server

Fri, 20 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.
Weaknesses CWE-295
References

Subscriptions

Devolutions Devolutions Server Server
cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published:

Updated: 2026-03-23T14:12:02.673Z

Reserved: 2026-03-19T18:23:32.838Z

Link: CVE-2026-4434

cve-icon Vulnrichment

Updated: 2026-03-23T14:10:54.645Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T13:16:13.043

Modified: 2026-03-30T15:23:51.527

Link: CVE-2026-4434

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:58:17Z

Weaknesses