CVE-2026-7325 - Vulnerability Details

Description

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server.

This issue affects :

* Devolutions Server 2026.1.6.0 through 2026.1.16.0
* Devolutions Server 2025.3.20.0 and earlier

Published: 2026-05-22

Score: 7.1 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is an improper authorization flaw in the Active Directory browsing feature of Devolutions Server. A low-privileged authenticated user can perform an authentication relay to an attacker-controlled server and retrieve authentication material tied to a stored PAM provider service account. This allows the attacker to acquire privileged credentials and potentially use them to authenticate to other systems, facilitating privilege escalation or lateral movement. The weakness is classified as CWE-918.

Affected Systems

Devolutions Server versions 2026.1.6.0 through 2026.1.16.0 and 2025.3.20.0 and earlier of the same product are affected by this flaw.

Risk and Exploitability

The vulnerability requires an authenticated session with low privileges on the Devolutions Server and enables the attacker to relay authentication to an external server, exposing credential material. The CVSS score of 7.1 indicates a medium-to-high level of risk. No EPSS score is available and the CVE is not listed in the CISA KEV catalog, however an attacker could exploit it by configuring a malicious server to capture the relayed credentials. Because the flaw permits credential theft, the potential impact is high, particularly in environments where stored PAM provider accounts are used for privileged access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Devolutions

Server

unaffected

Version	Status	Constraints
`2026.1.6.0`	affected	≤ 2026.1.16.0
`0`	affected	≤ 2025.3.20.0

No data.

Vendor Product Confidence Versions

Devolutions

Server

100%

Version	Status	Scheme	Platform
`[2026.1.6.0,2026.1.16.0]`	affected	generic	—
`[0,2025.3.20.0]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Devolutions Server to a version later than 2026.1.16.0 (for instance 2026.1.17.0 or newer) to contain the fix for the authentication relay vulnerability.
If an upgrade cannot be performed immediately, restrict access to the Active Directory browsing feature by disabling it or limiting it to users with elevated privileges only.
Strengthen stored PAM provider account credentials and monitor authentication logs for unusual relay activity or failed authentication attempts.

Generated by OpenCVE AI on May 22, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://devolutions.net/security/advisories/DEVO-2026-0013/

History

Fri, 22 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Title	Credential Theft via Authentication Relay in Devolutions Server Active Directory Browsing

Fri, 22 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		Credential Theft via Authentication Relay in Devolutions Server Active Directory Browsing
First Time appeared		Devolutions Devolutions server
Vendors & Products		Devolutions Devolutions server

Fri, 22 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier
Weaknesses		CWE-918
References		https://devolutions.net/security/advisories/DEVO-2026-0013/

Subscriptions

Devolutions Server

MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2026-05-22T15:30:08.167Z

Updated: 2026-05-22T16:48:37.785Z

Reserved: 2026-04-28T14:10:23.612Z

Link: CVE-2026-7325

Vulnrichment

Updated: 2026-05-22T16:48:33.716Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T19:00:15Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object