CVE-2026-3221

MEDIUM(4.9)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score12/100 — NIEDRIG

CVSS 4.9 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.9

Technische Schwere

Beschreibung

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access.

Referenzen

https://devolutions.net/security/advisories/DEVO-2026-0004/