Skip to main content

PowerShell Universal CVE-2026-13437

| EUVDEUVD-2026-40127 MEDIUM
Insertion of Sensitive Information Into Sent Data (CWE-201)
2026-06-29 DEVOLUTIONS GHSA-fw4j-fj8v-q67w
6.5
CVSS 3.1 · Vendor: DEVOLUTIONS
Share

Severity by source

Vendor (DEVOLUTIONS) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable API mandates PR:L for the AI Agent read role; C:H reflects reusable high-privilege token exposure with no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (DEVOLUTIONS).

CVSS VectorVendor: DEVOLUTIONS

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 29, 2026 - 18:42 vuln.today
CVSS changed
Jun 29, 2026 - 17:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 29, 2026 - 15:23 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.

AnalysisAI

Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with AI Agent read-access account
Delivery
Query AI Agent job API endpoint
Exploit
Parse plaintext job API response payload
Execution
Extract serialized App Token
Persist
Replay token against PowerShell Universal API
Impact
Operate at elevated privilege level of token owner

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid user account with AI Agent read access within PowerShell Universal 2026.2.0 - unauthenticated exploitation is not possible per the CVSS PR:L rating. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) accurately reflects the attack profile: network-reachable, low complexity, but requiring authenticated access with at least the AI Agent read role. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged account bearing AI Agent read access authenticates to PowerShell Universal 2026.2.0 and issues queries to the AI Agent job API endpoint. The API responses contain serialized App Tokens in plaintext; the attacker extracts these tokens and replays them against other PowerShell Universal REST API endpoints, gaining access at the privilege level of the token owner - potentially full administrative control. …
Remediation Apply the vendor-issued fix described in the Devolutions security advisory DEVO-2026-0022 at https://devolutions.net/security/advisories/DEVO-2026-0022/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13437 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy