{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T00:19:52.324","vulnerabilities":[{"cve":{"id":"CVE-2026-3221","sourceIdentifier":"security@devolutions.net","published":"2026-02-25T19:43:26.530","lastModified":"2026-02-28T00:43:23.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sensitive\n user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with \naccess to the database to obtain sensitive user \ninformation via direct database access."},{"lang":"es","value":"Hay información sensible de cuentas de usuario que no está cifrada en la base de datos en Devolutions Server 2025.3.14 y versiones anteriores, lo que permite a un atacante con acceso a la base de datos obtener información sensible del usuario a través del acceso directo a la base de datos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@devolutions.net","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.3.15.0","matchCriteriaId":"6DB87A4B-D40B-442F-8BF5-CA935BFADB3D"}]}]}],"references":[{"url":"https://devolutions.net/security/advisories/DEVO-2026-0004/","source":"security@devolutions.net","tags":["Vendor Advisory"]}]}}]}