Ironmansoftware Powershell Universal

8 matches found

CVE, added 2022/11/14 12:0 a.m., 51 views

CVE-2022-45183

The CVE-2022-45183 vulnerability affects Ironman Software PowerShell Universal 2.x and 3.x Web Server and enables privilege escalation: an attacker possessing a valid app token can retrieve other app tokens by ID via an HTTP request. The issue is rated high (CVSS v3.1 base score 8.8) with network...

CVSS 8.8, AI score 8.5, EPSS 0.00768

CVE, added 2022/11/14 12:0 a.m., 47 views

CVE-2022-45184

CVE-2022-45184 concerns the Ironman Software PowerShell Universal Web Server in v3.x and v2.x, where a directory-traversal flaw in the web server endpoints allows a remote attacker with administrator privileges to create, delete, update, and display files outside the configuration directory v...

CVSS 7.2, AI score 6.9, EPSS 0.01911

CVE, added 2023/11/23 12:0 a.m., 37 views

CVE-2023-49213

The CVE-2023-49213 issue affects Ironman PowerShell Universal versions 3.0.0 through 4.2.0. The vulnerability arises from invalid sanitization of input strings in API endpoints, allowing remote attackers to execute arbitrary commands via crafted HTTP requests when a param block is used. Fixed ver...

CVSS 8.8, AI score 8.9, EPSS 0.02127

CVE, added 2026/02/27 3:11 p.m., 16 views

CVE-2026-3277

The vulnerability CVE-2026-3277 affects PowerShell Universal prior to version 2026.1.3, where the OpenID Connect (OIDC) client secret is stored in cleartext in the .universal/authentication.ps1 script. An attacker with read access to that file can obtain the OIDC client credentials, leading to po...

CVSS 6.5, AI score 6, EPSS 0.00161

CVE, added 2026/03/17 7:15 p.m., 14 views

CVE-2026-3563

CVE-2026-3563 affects PowerShell Universal prior to version 2026.1.4. The root cause is improper input validation in the apps and endpoints configuration. An authenticated user with permissions to create or modify Apps or Endpoints can override existing application or system routes, producing uni...

CVSS 5.5, AI score 5.8, EPSS 0.00341

CVE, added 2026/06/12 2:11 p.m., 14 views

CVE-2026-8694

CVE-2026-8694 involves an improper access control flaw in Devolutions PowerShell Universal up to version 2026.1.7, where an unauthenticated remote attacker can obtain the OpenAPI specification of user-defined REST endpoints. The affected component is the OpenAPI/REST endpoint documentation expose...

CVSS 5.3, AI score 5.4, EPSS 0.00221

CVE, added 2026/03/17 7:14 p.m., 13 views

CVE-2026-4064

CVE-2026-4064 affects PowerShell Universal prior to version 2026.1.4. The issue is missing authorization checks on multiple gRPC service endpoints, enabling an authenticated user with any valid token to bypass role-based access controls and perform privileged operations. Potential impact includes...

CVSS 8.3, AI score 5.8, EPSS 0.00325

CVE, added 2026/01/07 5:0 p.m., 9 views

CVE-2026-0618

Devolutions PowerShell Universal is affected by a Cross-site Scripting vulnerability tracked as CVE-2026-0618. Vulnerable versions are before 4.5.6 and before 5.6.13. Root cause: improper input neutralization in user-supplied data, enabling script execution in web pages viewed by other users. Imp...

CVSS 6.1, AI score 6.3, EPSS 0.00152