CVE-2026-7325
HighSummary
Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server.
Risk Assessment
The organization may be exposed to credential theft, potentially leading to unauthorized access to critical resources.
Recommendation
It is recommended to update Devolutions Server to the latest version to mitigate this vulnerability and review user authorization policies.
Original NVD description (English source)
Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier

