5 matches found
CVE-2026-3277
The vulnerability CVE-2026-3277 affects PowerShell Universal prior to version 2026.1.3, where the OpenID Connect (OIDC) client secret is stored in cleartext in the .universal/authentication.ps1 script. An attacker with read access to that file can obtain the OIDC client credentials, leading to po...
CVE-2026-4064
CVE-2026-4064 affects PowerShell Universal prior to version 2026.1.4. The issue is missing authorization checks on multiple gRPC service endpoints, enabling an authenticated user with any valid token to bypass role-based access controls and perform privileged operations. Potential impact includes...
CVE-2026-3563
CVE-2026-3563 affects PowerShell Universal prior to version 2026.1.4. The root cause is improper input validation in the apps and endpoints configuration. An authenticated user with permissions to create or modify Apps or Endpoints can override existing application or system routes, producing uni...
CVE-2026-8694
CVE-2026-8694 involves an improper access control flaw in Devolutions PowerShell Universal up to version 2026.1.7, where an unauthenticated remote attacker can obtain the OpenAPI specification of user-defined REST endpoints. The affected component is the OpenAPI/REST endpoint documentation expose...
CVE-2026-0618
Devolutions PowerShell Universal is affected by a Cross-site Scripting vulnerability tracked as CVE-2026-0618. Vulnerable versions are before 4.5.6 and before 5.6.13. Root cause: improper input neutralization in user-supplied data, enabling script execution in web pages viewed by other users. Imp...