Skip to main content

Powershell Universal

9 CVEs product

Monthly

CVE-2026-13437 MEDIUM This Month

Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.

Information Disclosure Powershell Universal
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-8694 MEDIUM This Month

Unauthenticated remote access to user-defined REST endpoint OpenAPI specifications is possible in Devolutions PowerShell Universal 2026.1.7 and earlier due to improper access control (CWE-306). Any network-reachable attacker without credentials can retrieve the full OpenAPI specification of internally defined REST APIs, exposing endpoint paths, parameters, and operational structure that administrators intended to be non-public. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, zero-authentication network vector makes enumeration trivially automatable.

Authentication Bypass Powershell Universal
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3563 MEDIUM PATCH This Month

PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. The vulnerability requires high-level authentication privileges (PR:H) but has been formally documented in the ENISA EUVD database (EUVD-2026-12636) and poses a real risk to multi-tenant PowerShell Universal deployments where administrative controls may not be strictly enforced.

Denial Of Service Powershell Universal
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-4064 HIGH PATCH This Week

PowerShell Universal before version 2026.1.4 contains insufficient authorization validation on gRPC endpoints, allowing any authenticated user to bypass role-based access controls and execute privileged operations. An attacker with valid credentials can exploit this to read sensitive data, modify or delete resources, and disrupt service availability. No patch is currently available.

Authentication Bypass Information Disclosure Powershell Universal
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-3277 MEDIUM This Month

authentication configuration in PowerShell Universal versions up to 2026.1.3 is affected by cleartext storage of sensitive information.

Information Disclosure Powershell Universal
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0618 MEDIUM This Month

PowerShell Universal versions before 4.5.6 and 5.6.13 contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the network interface, affecting confidentiality and integrity of user sessions. An attacker can exploit this with user interaction to steal sensitive information or perform actions on behalf of affected users. No patch is currently available for this vulnerability.

XSS Powershell Universal
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-49213 HIGH POC This Week

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Powershell Universal
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-45184 HIGH This Week

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Powershell Universal
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-45183 HIGH This Week

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Powershell Universal
NVD
CVSS 3.1
8.8
EPSS
0.8%
EPSS 0% CVSS 6.5
MEDIUM This Month

Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.

Information Disclosure Powershell Universal
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated remote access to user-defined REST endpoint OpenAPI specifications is possible in Devolutions PowerShell Universal 2026.1.7 and earlier due to improper access control (CWE-306). Any network-reachable attacker without credentials can retrieve the full OpenAPI specification of internally defined REST APIs, exposing endpoint paths, parameters, and operational structure that administrators intended to be non-public. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, zero-authentication network vector makes enumeration trivially automatable.

Authentication Bypass Powershell Universal
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. The vulnerability requires high-level authentication privileges (PR:H) but has been formally documented in the ENISA EUVD database (EUVD-2026-12636) and poses a real risk to multi-tenant PowerShell Universal deployments where administrative controls may not be strictly enforced.

Denial Of Service Powershell Universal
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

PowerShell Universal before version 2026.1.4 contains insufficient authorization validation on gRPC endpoints, allowing any authenticated user to bypass role-based access controls and execute privileged operations. An attacker with valid credentials can exploit this to read sensitive data, modify or delete resources, and disrupt service availability. No patch is currently available.

Authentication Bypass Information Disclosure Powershell Universal
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

authentication configuration in PowerShell Universal versions up to 2026.1.3 is affected by cleartext storage of sensitive information.

Information Disclosure Powershell Universal
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

PowerShell Universal versions before 4.5.6 and 5.6.13 contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the network interface, affecting confidentiality and integrity of user sessions. An attacker can exploit this with user interaction to steal sensitive information or perform actions on behalf of affected users. No patch is currently available for this vulnerability.

XSS Powershell Universal
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Powershell Universal
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Powershell Universal
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Powershell Universal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy