VYPR
Medium severity4.3NVD Advisory· Published May 22, 2026· Updated May 22, 2026

CVE-2026-5171

CVE-2026-5171

Description

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request.

This issue affects :

  • Devolutions Server 2026.1.6.0 through 2026.1.16.0
  • Devolutions Server 2025.3.20.0 and earlier

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*range: <2025.3.22.0
    • (no CPE)range: <=2025.3.20.0, >=2026.1.6.0 <=2026.1.16.0

Patches

Vulnerability mechanics

References

1

News mentions

1