Powershell Universal
Monthly
Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.
Unauthenticated remote access to user-defined REST endpoint OpenAPI specifications is possible in Devolutions PowerShell Universal 2026.1.7 and earlier due to improper access control (CWE-306). Any network-reachable attacker without credentials can retrieve the full OpenAPI specification of internally defined REST APIs, exposing endpoint paths, parameters, and operational structure that administrators intended to be non-public. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, zero-authentication network vector makes enumeration trivially automatable.
PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. The vulnerability requires high-level authentication privileges (PR:H) but has been formally documented in the ENISA EUVD database (EUVD-2026-12636) and poses a real risk to multi-tenant PowerShell Universal deployments where administrative controls may not be strictly enforced.
PowerShell Universal before version 2026.1.4 contains insufficient authorization validation on gRPC endpoints, allowing any authenticated user to bypass role-based access controls and execute privileged operations. An attacker with valid credentials can exploit this to read sensitive data, modify or delete resources, and disrupt service availability. No patch is currently available.
authentication configuration in PowerShell Universal versions up to 2026.1.3 is affected by cleartext storage of sensitive information.
PowerShell Universal versions before 4.5.6 and 5.6.13 contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the network interface, affecting confidentiality and integrity of user sessions. An attacker can exploit this with user interaction to steal sensitive information or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.
Unauthenticated remote access to user-defined REST endpoint OpenAPI specifications is possible in Devolutions PowerShell Universal 2026.1.7 and earlier due to improper access control (CWE-306). Any network-reachable attacker without credentials can retrieve the full OpenAPI specification of internally defined REST APIs, exposing endpoint paths, parameters, and operational structure that administrators intended to be non-public. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, zero-authentication network vector makes enumeration trivially automatable.
PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. The vulnerability requires high-level authentication privileges (PR:H) but has been formally documented in the ENISA EUVD database (EUVD-2026-12636) and poses a real risk to multi-tenant PowerShell Universal deployments where administrative controls may not be strictly enforced.
PowerShell Universal before version 2026.1.4 contains insufficient authorization validation on gRPC endpoints, allowing any authenticated user to bypass role-based access controls and execute privileged operations. An attacker with valid credentials can exploit this to read sensitive data, modify or delete resources, and disrupt service availability. No patch is currently available.
authentication configuration in PowerShell Universal versions up to 2026.1.3 is affected by cleartext storage of sensitive information.
PowerShell Universal versions before 4.5.6 and 5.6.13 contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the network interface, affecting confidentiality and integrity of user sessions. An attacker can exploit this with user interaction to steal sensitive information or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.