Home / Vulnerability Intelligence / CVE-2026-3204

CVE-2026-3204 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 4, 2026

Devolutions Server - Reflected XSS

Published: March 3, 2026Updated: March 4, 2026Remote Exploitable

Overview

Devolutions Server <= 2025.3.15 contains a reflected XSS caused by improper input validation in the error message page, letting remote attackers spoof error messages via crafted URLs, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Remote attackers can spoof error messages, potentially misleading users or executing scripts in their browsers.

Mitigation

Update to the latest version beyond 2025.3.15.

References

https://devolutions.net/security/advisories/DEVO-2026-0005

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3204
Severity: Critical
CVSS Score: 9.8
Type: reflected_xss
Status: unconfirmed

CWE

CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H