CVE-2026-3277
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
1th
The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials
| CWE | CWE-312 |
| Vendor | devolutions |
| Product | powershell universal |
| Published | Feb 27, 2026 |
| Last Updated | Mar 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for devolutions powershell universal
Be the first to know when new medium vulnerabilities affecting devolutions powershell universal are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Devolutions / PowerShell Universal
0 < 2026.1.3