CVE-2026-9047
HighSummary
Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors.
Risk Assessment
An attacker could gain access to a user's account, potentially leading to data loss and security breaches within the organization.
Recommendation
It is recommended to update Devolutions Server to the latest version to mitigate this vulnerability and to train users on password security.
Original NVD description (English source)
Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0

