CVE-2026-4064

High CVSS: 8.3

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and disrupting service operations — via crafted gRPC requests.

Vendor

Ironmansoftware

Product

Powershell Universal

CWE

CWE-862

Yayın Tarihi

2026-03-17 20:16:14

Güncelleme

2026-03-19 13:03:28

Source Identifier

security@devolutions.net

KEV Date Added

Kategoriler

CWE-862 Powershell Universal HIGH Ironmansoftware 2026

Referanslar

https://devolutions.net/security/advisories/DEVO-2026-0008

Benzer Kayıtlar

Medium

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an auth…

Medium

CVE-2026-3277

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client s…

Medium

CVE-2026-0618

Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4…