{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4434", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-03-19T18:23:32.838Z", "datePublished": "2026-03-20T12:52:55.762Z", "dateUpdated": "2026-03-23T14:12:02.673Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-20T12:52:55.762Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "CWE-295 Improper certificate validation", "type": "CWE"}]}], "affected": [{"vendor": "Devolutions", "product": "Server", "versions": [{"status": "affected", "version": "0", "lessThan": "2026.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper certificate validation in the PAM propagation WinRM connections\n allows a network attacker to perform a man-in-the-middle attack via \ndisabled TLS certificate verification.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper certificate validation in the PAM propagation WinRM connections\n allows a network attacker to perform a man-in-the-middle attack via \ndisabled TLS certificate verification."}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0005/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:11:59.346311Z", "id": "CVE-2026-4434", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:12:02.673Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4434", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:11:59.346311Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:10:54.645Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "product": "Server", "versions": [{"status": "affected", "version": "0", "lessThan": "2026.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0005/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper certificate validation in the PAM propagation WinRM connections\n allows a network attacker to perform a man-in-the-middle attack via \ndisabled TLS certificate verification.", "supportingMedia": [{"type": "text/html", "value": "Improper certificate validation in the PAM propagation WinRM connections\n allows a network attacker to perform a man-in-the-middle attack via \ndisabled TLS certificate verification.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper certificate validation"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-20T12:52:55.762Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4434", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:12:02.673Z", "dateReserved": "2026-03-19T18:23:32.838Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2026-03-20T12:52:55.762Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper certificate validation in the PAM propagation WinRM connections\n allows a network attacker to perform a man-in-the-middle attack via \ndisabled TLS certificate verification."}], "id": "CVE-2026-4434", "lastModified": "2026-03-23T15:16:35.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T13:16:13.043", "references": [{"source": "security@devolutions.net", "url": "https://devolutions.net/security/advisories/DEVO-2026-0005/"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@devolutions.net", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Server", "source": "cna", "vendor": "Devolutions"}, "product": "server", "vendor": "devolutions"}], "analysis": {"en": {"generated_at": "2026-03-23T16:35:38.263791+00:00", "value": {"mitigation_remediation": ["Install the Devolutions Server security update referenced in advisory DEVO-2026-0005 to enforce TLS certificate validation.", "Verify that TLS certificate validation is enabled in PAM propagation WinRM connections; re\u2011enable it if it has been disabled.", "If an immediate patch cannot be applied, impose a temporary restriction on WinRM traffic to trusted hosts and monitor for anomalous activity.", "Keep Devolutions Server up\u2011to\u2011date and review vendor advisories regularly for further mitigations."], "summary": {"action": "Patch Now", "impact": "Man\u2011in\u2011the\u2011Middle vulnerability due to disabled TLS certificate validation"}, "threat_synthesis": {"affected_systems": "Devolutions Server is affected by this issue. The advisory does not specify which releases are vulnerable, so all deployed instances should be evaluated. Administrators should confirm the exact version in use.", "description_and_impact": "The vulnerability stems from improper certificate validation in PAM propagation WinRM connections. When TLS certificate verification is disabled, a network attacker can intercept and alter communication, enabling a man\u2011in\u2011the\u2011middle attack. This compromises the confidentiality and integrity of data transmitted, and may allow unauthorized access or credential theft. The weakness corresponds to CWE\u2011295: Improper Validation of Certificate Trust.", "risk_and_exploitability": "The CVSS score is 8.1, indicating high severity. The EPSS score is below 1\u202f%, suggesting that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a network attacker who can reach a machine using PAM propagation WinRM connections; if TLS certificate verification is switched off, the attacker can perform a man\u2011in\u2011the\u2011middle attack by presenting a malicious certificate and capturing or modifying traffic."}}}}, "created": "2026-03-20T16:27:17.209647+00:00", "title": "Man\u2011in\u2011the\u2011Middle via Disabled TLS Certificate Verification in Devolutions Server PAM WinRM Connections", "updated": "2026-03-25T14:29:28.459578+00:00", "vendors": ["devolutions", "devolutions$PRODUCT$server"]}