What is the CVSS score of CVE-2026-3563?

CVE-2026-3563 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of Powershell Universal are affected by CVE-2026-3563?

Organizations using the apps and endpoints configuration in PowerShell Universal should be aware of moderate risk from CVE-2026-3563 rated CVSS 5.5.. A patch is available.

Powershell Universal CVE-2026-3563

EUVD-2026-12636 MEDIUM

Improper Validation of Unsafe Equivalence in Input (CWE-1289)

2026-03-17 DEVOLUTIONS

Denial Of Service Powershell Universal

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

2026.1.4

EUVD ID Assigned

Mar 17, 2026 - 20:30 euvd

EUVD-2026-12636

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

CVE Published

Mar 17, 2026 - 19:15 nvd

MEDIUM 5.5

DescriptionNVD

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.

AnalysisAI

PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. …

RemediationAI

Within 30 days: Identify affected systems running the apps and endpoints configuration in PowerShell Universal and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-3563 vulnerability details – vuln.today

Back