CVE-2026-1007
📋 TL;DR
An incorrect authorization vulnerability in Devolutions Server's virtual gateway component allows attackers to bypass IP deny rules. This affects Devolutions Server installations running versions 2025.3.1 through 2025.3.12, potentially enabling unauthorized access to protected resources.
💻 Affected Systems
- Devolutions Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could bypass all IP-based access controls, gaining unauthorized access to sensitive systems and data through the virtual gateway.
Likely Case
Attackers bypass IP restrictions to access internal resources that should be blocked, potentially leading to data exposure or lateral movement.
If Mitigated
With proper network segmentation and additional authentication layers, impact is limited to the virtual gateway component only.
🎯 Exploit Status
Exploitation requires network access to the virtual gateway but no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.3.13 or later
Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2026-0003/
Restart Required: Yes
Instructions:
1. Download Devolutions Server 2025.3.13 or later from official sources.
2. Back up the current configuration and data.
3. Run the installer to upgrade.
4. Restart the Devolutions Server services.
🔧 Temporary Workarounds
Temporary IP Restriction via Firewall
Implement firewall rules to restrict access to the virtual gateway port from unauthorized IPs.
# Example for Linux iptables (an ACCEPT rule on its own restricts nothing; follow it with a DROP for every other source on that port):
iptables -A INPUT -p tcp --dport [VIRTUAL_GATEWAY_PORT] -s [ALLOWED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [VIRTUAL_GATEWAY_PORT] -j DROP
# Example for Windows Firewall (effective only while the active profile's default inbound action is Block and no broader Allow rule already covers the port):
New-NetFirewallRule -DisplayName "Devolutions Gateway Restrict" -Direction Inbound -LocalPort [VIRTUAL_GATEWAY_PORT] -RemoteAddress [ALLOWED_IP] -Protocol TCP -Action Allow
🧯 If You Can't Patch
- Disable the virtual gateway component if not essential.
- Implement network-level IP filtering upstream of the Devolutions Server.
🔍 How to Verify
Check if Vulnerable:
Check Devolutions Server version in web interface (Admin → About) or via PowerShell: Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like "*Devolutions Server*"} | Select-Object Version
Check Version:
On Windows: wmic product where "name like '%Devolutions Server%'" get version. On Linux: Check /opt/devolutions/server/version.txt or similar.
Verify Fix Applied:
Confirm version is 2025.3.13 or later and test IP deny rules functionality.
📡 Detection & Monitoring
Log Indicators:
- Failed IP deny rule matches in Devolutions Server logs
- Unexpected successful connections from blocked IP ranges
Network Indicators:
- Traffic to virtual gateway port from IPs not in allowed list
- Connection attempts bypassing expected IP filters
SIEM Query:
source="devolutions.log" AND ("IP deny bypass" OR "unauthorized connection" OR "rule violation")
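As an added example (not from the advisory or from Devolutions), the two checks this page describes in one script: a version test against the stated 2025.3.1 through 2025.3.12 range, and a log audit for the "unexpected successful connections from blocked IP ranges" indicator. The log line format, the deny CIDR and the sample addresses are constructed assumptions, not the real Devolutions Server log layout.

```python
import ipaddress
import re

# Affected range stated in the advisory summary: 2025.3.1 through 2025.3.12 (fixed in 2025.3.13).
VULN_MIN = (2025, 3, 1)
VULN_MAX = (2025, 3, 12)


def parse_version(text: str) -> tuple:
    """Pull a dotted version (e.g. '2025.3.7') out of arbitrary tool output and return it as an int tuple."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b", text)
    if not m:
        raise ValueError(f"no version found in: {text!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_vulnerable(version_text: str) -> bool:
    """True when major.minor.patch falls inside the affected range; a fourth build component is ignored."""
    return VULN_MIN <= parse_version(version_text)[:3] <= VULN_MAX


# Constructed sample of gateway connection records. The layout
# "<timestamp> gateway conn src=<ip> result=<allowed|denied>" is an assumption for this example.
SAMPLE_LOG = """\
2026-01-10T09:12:01Z gateway conn src=203.0.113.7 result=denied
2026-01-10T09:12:05Z gateway conn src=203.0.113.9 result=allowed
2026-01-10T09:13:44Z gateway conn src=192.0.2.20 result=allowed
2026-01-10T09:14:02Z gateway conn src=198.51.100.5 result=allowed
"""

LINE_RE = re.compile(r"src=(?P<ip>[0-9a-fA-F.:]+)\s+result=(?P<result>\w+)")


def find_deny_bypasses(log_text: str, deny_cidrs: list) -> list:
    """Return source IPs that were allowed even though they fall inside a configured deny range.

    On a correctly enforcing gateway this list is always empty; any entry is a bypass indicator.
    """
    deny_nets = [ipaddress.ip_network(c, strict=False) for c in deny_cidrs]
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("result") != "allowed":
            continue  # only successful connections matter here
        ip = ipaddress.ip_address(m.group("ip"))
        if any(ip in net for net in deny_nets):
            hits.append(str(ip))
    return hits


if __name__ == "__main__":
    print(is_vulnerable("Version 2025.3.12.0"))  # True
    print(find_deny_bypasses(SAMPLE_LOG, ["203.0.113.0/24"]))  # ['203.0.113.9']
```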