Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier.

Project Subscriptions

Vendors Products
Devolutions Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 16 Jul 2026 03:15:00 +0000

Type Values Removed Values Added
Title Unauthorized Message Deletion via Direct Object Reference

Wed, 15 Jul 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions
Devolutions server
Vendors & Products Devolutions
Devolutions server

Wed, 15 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 18:45:00 +0000

Type Values Removed Values Added
Description Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier.
Weaknesses CWE-639
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published:

Updated: 2026-07-15T14:46:13.929Z

Reserved: 2026-07-08T13:55:05.553Z

Link: CVE-2026-15058

cve-icon Vulnrichment

Updated: 2026-07-15T14:44:25.453Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-16T03:00:12Z

Weaknesses