GCVE - cpe:2.3:a:devolutions:powershell_universal:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:devolutions:powershell_universal:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Devolutions (`7032325e-1090-5501-8038-d00cf17c6e3c`)
Product	Powershell Universal (`91d795ef-90ee-575e-b092-cf50686b87b4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4064`	vulnerable	2026-06-03 15:26:24.287263	Details available Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and disrupting service operations — via crafted gRPC requests. Published: 2026-03-17T19:14:17.189Z Updated: 2026-03-17T20:03:19.106Z Open on db.gcve.eu Reference links https://devolutions.net/security/advisories/DEVO-2026-0008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3563`	vulnerable	2026-06-03 15:23:33.072963	Details available Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path. Published: 2026-03-17T19:15:37.820Z Updated: 2026-03-17T20:04:00.419Z Open on db.gcve.eu Reference links https://devolutions.net/security/advisories/DEVO-2026-0008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3277`	vulnerable	2026-06-03 15:23:31.969864	Details available The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials Published: 2026-02-27T15:11:18.252Z Updated: 2026-03-30T20:43:33.695Z Open on db.gcve.eu Reference links https://devolutions.net/security/advisories/DEVO-2026-0006	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-0618`	vulnerable	2026-06-03 15:14:42.328295	Details available Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13. Published: 2026-01-07T17:00:21.027Z Updated: 2026-01-07T17:21:44.829Z Open on db.gcve.eu Reference links https://devolutions.net/security/advisories/DEVO-2026-0001/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.