Description
Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value.
Published:
2026-07-06
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://devolutions.net/security/advisories/DEVO-2026-0023/ |
|
History
Mon, 06 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value. | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: DEVOLUTIONS
Published:
Updated: 2026-07-06T19:23:21.459Z
Reserved: 2026-07-03T00:08:05.267Z
Link: CVE-2026-14536
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.