Skip to content
Threat Feed
high advisory

Devolutions Server: Vulnerability Allows Multi-Factor Authentication Bypass

A remote, authenticated attacker can exploit a vulnerability in Devolutions Server to bypass its multi-factor authentication (MFA) security measures, potentially leading to unauthorized access to sensitive data and systems.

A significant vulnerability has been identified in Devolutions Server, an enterprise solution for managing privileged access and credentials. This flaw, rated as high severity by BSI (German Federal Office for Information Security), allows a remote, authenticated attacker to bypass multi-factor authentication (MFA) protections. The advisory, published on July 7, 2026, highlights that while an attacker must first gain initial authentication credentials, the successful exploitation of this vulnerability negates the added security layer provided by MFA. This is critical for defenders as MFA is a fundamental control against credential theft and provides a strong defense against unauthorized access to sensitive systems and data managed by Devolutions Server. Without specific details on the nature of the bypass, organizations are urged to apply vendor-provided patches immediately.

Impact

The successful exploitation of this MFA bypass vulnerability could have severe consequences for organizations utilizing Devolutions Server. An attacker who has already obtained legitimate user credentials (e.g., through phishing or credential stuffing) could then gain full access to the privileged access management system, bypassing the crucial second factor of authentication. This level of access would allow the attacker to retrieve sensitive credentials, access management tools, and potentially control critical infrastructure. The primary impact is unauthorized access, which can lead to data exfiltration, system compromise, or further lateral movement within the victim's network. The advisory does not specify observed victims or targeted sectors but emphasizes the high risk posed by this type of security bypass.

Recommendation

  • Prioritize and immediately apply all available security updates from Devolutions for Devolutions Server to remediate the MFA bypass vulnerability.
  • Review access logs for Devolutions Server for any suspicious authentication attempts that successfully bypass MFA or originate from unusual locations/IPs.
  • Implement strict password policies and ensure robust initial authentication mechanisms to prevent initial credential compromise, as this vulnerability requires an already authenticated attacker.