CVE-2026-3130

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

03/03/2026

Last modified:

03/03/2026

Description

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion.

Impact

References to Advisories, Solutions, and Tools

https://devolutions.net/security/advisories/DEVO-2026-0005