CVE-2026-3638 (HIGH): Devolutions Server ≤ 2025.3.11.0 has missing authorization in restore APIs — low-priv users can reinstate deleted accounts, risking privilege escalation. Restrict API access & monitor logs! https://radar.offseq.com/threat/cve-2026-3638-cwe-862-missing-authorization-in-dev-87162fbb #OffSeq #Devolutions #AppSec