
CVE-2026-8477

Severity: Low
Published: 22 May 2026
Modified: 22 May 2026
KEV Added: not listed
CVSS Score v3.1: 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0018 (7.5th percentile)
Risk Priority: 15 (floored blend · peak EPSS)

Summary

CVE-2026-8477 is a low-severity Improper Enforcement of Behavioral Workflow (CWE-841) vulnerability in Devolutions Server, by Devolutions. Its CVSS v3.1 base score is 2.7 (Low).

Operationally, exploitation maps to the MITRE ATT&CK technique Unsecured Credentials (T1552). EPSS ranks it at the 7.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.


Vulnerability details

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request.

This issue affects:

- Devolutions Server 2026.1.6.0 through 2026.1.16.0
- Devolutions Server 2025.3.20.0 and earlier


Related Threats

MITRE ATT&CK Enterprise Techniques

- T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
- T1685.005 Clear Windows Event Logs (Defense Impairment): Adversaries may clear Windows Event Logs to hide the activity of an intrusion.
Why these techniques?

Bypassing the sealed workflow and its audit logging directly enables stealthy retrieval of credentials/secrets (T1552) while avoiding detection through log manipulation (T1070.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

Vendor: devolutions
Product: devolutions server
Versions: ≤ 2025.3.22.0 · 2026.1.6.0 to 2026.1.19.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
