LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-3224

CVE-2026-3224 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 5, 2026

Devolutions Server - Authentication Bypass

Published: March 3, 2026Updated: March 5, 2026PoC AvailableRemote Exploitable

Overview

Devolutions Server <= 2025.3.15.0 contains an authentication bypass caused by acceptance of forged JSON Web Tokens in Microsoft Entra ID authentication mode, letting unauthenticated users authenticate as arbitrary Entra ID users.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 5.2%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can impersonate any Entra ID user, gaining unauthorized access to the system.

Mitigation

Update to the latest version beyond 2025.3.15.0.

References

Social Media Activity(3 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 4, 2026

šŸ”“ CVE-2026-3224 - Critical (9.8) Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT). šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3224/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 4, 2026

šŸ”“ CVE-2026-3224 - Critical (9.8) Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT). šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3224/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 4, 2026

šŸšØ CVE-2026-3224: CRITICAL auth bypass in Devolutions Server <=2025.3.15.0 using Microsoft Entra ID. Attackers can forge JWTs for full access. No known exploits, but patch ASAP & tighten token validation. https://radar.offseq.com/threat/cve-2026-3224-cwe-287-improper-authentication-cwe--6697497e #OffSeq #Vuln #CyberSecurity #JWT

View original post

GitHub Repositories(1 repo)

Related Resources

Details

CVE ID
CVE-2026-3224
Severity
Critical
CVSS Score
9.8
Type
broken_authentication
Status
confirmed
EPSS
5.2%
Social Posts
3

CWE

  • CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.2%Probability of exploitation in the next 30 days