Improper
access control in the vault documentation feature in Devolutions Server
2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.