CVE-2026-3224 POC (Proof-of-Concept)

Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).

Published: 2026-03-03

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download CVE-2026-3224 POC (Proof-of-Concept) here:

http://zeroday5ujpidshxn6zbfitgjltnm6ynx5pvtpmptj3lsq46b6vvrpqd.onion/exploit-for-cve-2026-3224.717/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

Check our portfolio:

http://zeroday5ujpidshxn6zbfitgjltnm6ynx5pvtpmptj3lsq46b6vvrpqd.onion/members/ccsfteam.254/

https://dnacompany.com/poc-461-cve-2026-2855/

https://dnacompany.com/poc-497-cve-2026-2906/

https://dnacompany.com/poc-367-cve-2026-27174/

https://dnacompany.com/poc-409-cve-2025-30411/

https://dnacompany.com/poc-45-cve-2026-25238/

Social media

Our Services

Contact us

Earthcrate