CVE-2026-13437

MEDIUM 6.5

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.

CWE	CWE-201
Vendor	devolutions
Product	powershell universal
Published	Jun 29, 2026
Last Updated	Jun 29, 2026

Stay Ahead of the Next One

Get instant alerts for devolutions powershell universal

Be the first to know when new medium vulnerabilities affecting devolutions powershell universal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Devolutions / PowerShell Universal

2026.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

devolutions.net: https://devolutions.net/security/advisories/DEVO-2026-0022/