{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4396", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-03-18T15:54:21.845Z", "datePublished": "2026-03-18T19:41:34.801Z", "dateUpdated": "2026-03-18T20:10:58.385Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-18T19:41:34.801Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "CWE-295 Improper certificate validation", "type": "CWE"}]}], "affected": [{"vendor": "Devolutions", "product": "Hub Reporting Service", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "2025.3.1.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper certificate validation in Devolutions Hub Reporting Service \n2025.3.1.1 and earlier allows a network attacker to perform a \nman-in-the-middle attack via disabled TLS certificate verification.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper certificate validation in Devolutions Hub Reporting Service \n2025.3.1.1 and earlier allows a network attacker to perform a \nman-in-the-middle attack via disabled TLS certificate verification."}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0009/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T20:10:30.703401Z", "id": "CVE-2026-4396", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T20:10:58.385Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4396", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T20:10:30.703401Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T20:09:44.109Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "product": "Hub Reporting Service", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2025.3.1.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0009/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper certificate validation in Devolutions Hub Reporting Service \n2025.3.1.1 and earlier allows a network attacker to perform a \nman-in-the-middle attack via disabled TLS certificate verification.", "supportingMedia": [{"type": "text/html", "value": "Improper certificate validation in Devolutions Hub Reporting Service \n2025.3.1.1 and earlier allows a network attacker to perform a \nman-in-the-middle attack via disabled TLS certificate verification.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper certificate validation"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-18T19:41:34.801Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4396", "state": "PUBLISHED", "dateUpdated": "2026-03-18T20:10:58.385Z", "dateReserved": "2026-03-18T15:54:21.845Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2026-03-18T19:41:34.801Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:hub_reporting_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "55614A91-F21F-444D-9D2A-A29CDEE82216", "versionEndExcluding": "2026.1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper certificate validation in Devolutions Hub Reporting Service \n2025.3.1.1 and earlier allows a network attacker to perform a \nman-in-the-middle attack via disabled TLS certificate verification."}, {"lang": "es", "value": "Validaci\u00f3n de certificado incorrecta en Devolutions Hub Reporting Service 2025.3.1.1 y versiones anteriores permite a un atacante de red realizar un ataque man-in-the-middle a trav\u00e9s de la verificaci\u00f3n de certificado TLS deshabilitada."}], "id": "CVE-2026-4396", "lastModified": "2026-03-30T15:09:31.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-18T20:16:22.933", "references": [{"source": "security@devolutions.net", "tags": ["Vendor Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2026-0009/"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@devolutions.net", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.3.1.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Hub Reporting Service", "source": "cna", "vendor": "Devolutions"}, "product": "hub_reporting_service", "vendor": "devolutions"}], "analysis": {"en": {"generated_at": "2026-03-30T16:31:33.036032+00:00", "value": {"mitigation_remediation": ["Upgrade Devolutions Hub Reporting Service to a version newer than 2025.3.1.1 where certificate validation is enforced.", "If an upgrade is not immediately possible, review and reconfigure the service to disable any options that turn off TLS verification, ensuring that certificate checks remain active.", "Restrict network access to the reporting service, placing it behind a firewall or VPN to limit potential attackers.", "Monitor network traffic for signs of interception or anomalies that may indicate a man\u2011in\u2011the\u2011middle attack.", "Regularly check the Devolutions security advisory page for further updates or security patches."], "summary": {"action": "Immediate Patch", "impact": "Man\u2011in\u2011the\u2011middle Attack"}, "threat_synthesis": {"affected_systems": "The affected product is Devolutions Hub Reporting Service, version 2025.3.1.1 and earlier. Users running any of those releases on their networks are vulnerable. The vulnerability is specific to the devaluations indicated by the vendor and the cpe string indicates only this product.", "description_and_impact": "Devolutions Hub Reporting Service versions 2025.3.1.1 and earlier perform improper TLS certificate validation, allowing an attacker on the same network to intercept and modify traffic. This flaw can lead to a man\u2011in\u2011the\u2011middle attack, compromising confidentiality and integrity of data exchanged by the service. The weakness corresponds to CWE\u2011295, where certificate checks are bypassed.", "risk_and_exploitability": "The CVSS score of 8.3 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not yet cataloged in the CISA KEV list. Attackers would need control over the network path to the reporting service and could exploit the disabled TLS verification to pass through the traffic. Because the flaw is a certificate\u2011validation bypass, it is an in\u2011network attack vector; its risk is significant but exploitation likelihood is currently low."}}}}, "created": "2026-03-19T08:55:39.355236+00:00", "updated": "2026-03-30T20:59:09.346918+00:00", "vendors": ["devolutions", "devolutions$PRODUCT$hub_reporting_service"]}