Cyber Resilience

CVE-2026-4396

Severity: High
Published: 18 March 2026
Modified: 30 March 2026
CVSS v3.1 score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0014 (4.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-4396 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Devolutions Hub Reporting Service. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE is ranked at the 4.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-17 (Public Key Infrastructure Certificates).

Deeper analysis

CVE-2026-4396 is an improper certificate validation vulnerability in Devolutions Hub Reporting Service versions 2025.3.1.1 and earlier. The issue arises from disabled TLS certificate verification, enabling a network attacker to perform a man-in-the-middle (MITM) attack, and is classified under CWE-295 with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

A network-based attacker requires no privileges or user interaction to exploit this vulnerability, though high attack complexity is needed. Successful exploitation allows the attacker to intercept and manipulate communications, resulting in high impacts to confidentiality, integrity, and availability.

The Devolutions security advisory DEVO-2026-0009 at https://devolutions.net/security/advisories/DEVO-2026-0009/ provides details on mitigation and patching guidance.


Vulnerability details

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

CWE(s)

CWE-295 Improper Certificate Validation

Related Threats

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Disabled TLS certificate verification directly enables undetected Adversary-in-the-Middle positioning and traffic interception/manipulation on application-layer connections.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-11621 (same vendor: Devolutions)
CVE-2025-1193 (same vendor: Devolutions)
CVE-2026-4434 (same vendor: Devolutions)
CVE-2026-2590 (same vendor: Devolutions)
CVE-2026-33810 (shared CWE-295)
CVE-2026-42012 (shared CWE-295)
CVE-2025-0500 (shared CWE-295)
CVE-2025-70043 (shared CWE-295)
CVE-2026-25160 (shared CWE-295)
CVE-2026-1530 (shared CWE-295)

Affected Assets

Vendor: devolutions
Product: hub reporting service
Version: ≤ 2026.1.1.0

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-17 (Public Key Infrastructure Certificates) requires establishment and maintenance of PKI certificate validation processes, directly mitigating the disabled TLS certificate verification that enables MITM attacks in this CVE.

Prevent: CM-6 (Configuration Settings) mandates secure configuration settings for components like the Devolutions Hub Reporting Service, ensuring TLS certificate verification is enabled to prevent exploitation.

Prevent: SI-2 requires timely identification, reporting, and correction of flaws such as CVE-2026-4396 through vendor-provided patches in DEVO-2026-0009.
