CVE-2026-8477
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Devolutions | Server | 2026.1.6.0≤ 2026.1.16.0 | affected |
≤ 2025.3.20.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8477
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
行为工作流的不恰当实施
Source: NVD (National Vulnerability Database)
Vulnerability Title
Devolutions Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Devolutions Server是加拿大Devolutions公司的一个应用系统。提供功能齐全的共享帐户和密码管理解决方案。 Devolutions Server 2026.1.6.0版本至2026.1.16.0版本和2025.3.20.0及之前版本存在安全漏洞,该漏洞源于密封条目工作流执行不当,可能导致对密封条目具有访问权限的经过身份验证的用户通过特制的API请求检索其敏感数据而不触发开封审计通知。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Devolutions | Server | 2026.1.6.0 ~ 2026.1.16.0 | - |
II. Public POCs for CVE-2026-8477
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8477
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-8477 (1)
Same Patch Batch · Devolutions · 2026-05-22 · 12 CVEs total
| CVE-2026-7325 | Devolutions Server 安全漏洞 | |
| CVE-2026-9247 | Devolutions Server 安全漏洞 | |
| CVE-2026-9251 | Devolutions Server 安全漏洞 | |
| CVE-2026-9223 | Devolutions Server 安全漏洞 | |
| CVE-2026-9047 | Devolutions Server 安全漏洞 | |
| CVE-2026-9224 | Devolutions Server 安全漏洞 | |
| CVE-2026-9249 | Devolutions Server 安全漏洞 | |
| CVE-2026-9248 | Devolutions Server 安全漏洞 | |
| CVE-2026-9245 | Devolutions Server 安全漏洞 | |
| CVE-2026-9246 | Devolutions Server 安全漏洞 | |
| CVE-2026-5171 | Devolutions Server 安全漏洞 |
IV. Related Vulnerabilities
Same product: Server
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44171
MariaDB: path traversal in mbstream
Same weakness: CWE-841
- CVE-2026-46540
Nimiq light-blockchain: Light blockchain rebranch issue - CVE-2026-43974
gun HTTP/1.1 client accepts unsolicited 101 Switching Protoc - CVE-2026-41259
Mastodon: Insufficient verification of email addresses - CVE-2026-34582
Botan has a TLS 1.3 certificate authentication bypass - CVE-2025-13459
IBM Aspera Console Denial of Service
V. Comments for CVE-2026-8477
No comments yet