A vulnerability marked as problematic has been reported in Devolutions Server up to 2026.1.20.0/2026.2.4.0 . This affects an unknown function of the component Deleted User Groups API . This manipulation causes missing authorization. The identification of this vulnerability is CVE-2026-10787 . It is possible to initiate the attack remotely. There is no exploit available.