A vulnerability labeled as critical has been found in Devolutions Server up to 2026.1.20.0/2026.2.4.0 . The impacted element is an unknown function of the component API . The manipulation results in improper access controls. This vulnerability was named CVE-2026-10786 . The attack may be performed from remote. There is no available exploit.