CVE-2026-9522
Description
Authenticated users can delete network discovery scan configurations in Devolutions Server 2026.1.19 and earlier due to improper access control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users can delete network discovery scan configurations in Devolutions Server 2026.1.19 and earlier due to improper access control.
Vulnerability
Improper access control in the PAM account discovery feature of Devolutions Server versions 2026.1.19 and earlier allows authenticated users without administrative privileges to delete network discovery scan configurations.
Exploitation
An attacker who is already authenticated to the system and does not possess administrative privileges can exploit this vulnerability by accessing the PAM account discovery feature and initiating the deletion of network discovery scan configurations.
Impact
Successful exploitation allows an authenticated, non-administrative user to delete network discovery scan configurations, potentially disrupting network monitoring and management operations.
Mitigation
Devolutions Server versions 2026.1.19 and earlier are affected. A patched version is available. Please refer to the vendor advisory for specific version details and release dates [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=2026.1.19
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.