Unrated severityNVD Advisory· Published Mar 9, 2026· Updated Mar 9, 2026
CVE-2026-3638
CVE-2026-3638
Description
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Devolutions/Serverv5Range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.