EUVD-2026-12637CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
3Description
Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations - including reading sensitive data, creating or deleting resources, and disrupting service operations - via crafted gRPC requests.
Analysis
PowerShell Universal before version 2026.1.4 contains insufficient authorization validation on gRPC endpoints, allowing any authenticated user to bypass role-based access controls and execute privileged operations. An attacker with valid credentials can exploit this to read sensitive data, modify or delete resources, and disrupt service availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of PowerShell Universal in your environment and document their versions and criticality. Within 7 days: Implement network segmentation to restrict gRPC service access to trusted internal networks only, restrict PowerShell Universal access to users with legitimate business need, and disable gRPC endpoints if not actively required. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today