{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3277", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-02-26T15:29:18.531Z", "datePublished": "2026-02-27T15:11:18.252Z", "dateUpdated": "2026-03-30T20:43:33.695Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerShell Universal", "vendor": "Devolutions", "versions": [{"lessThan": "2026.1.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe <code>.universal/authentication.ps1</code> script, which allows an attacker with read access to that file to obtain the OIDC client credentials"}], "value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-02-27T15:11:18.252Z"}, "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0006"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T17:26:17.157053Z", "id": "CVE-2026-3277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:43:33.695Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T17:26:17.157053Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T15:05:28.131Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "product": "PowerShell Universal", "versions": [{"status": "affected", "version": "0", "lessThan": "2026.1.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0006"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials", "supportingMedia": [{"type": "text/html", "value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe <code>.universal/authentication.ps1</code> script, which allows an attacker with read access to that file to obtain the OIDC client credentials", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-02-27T15:11:18.252Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3277", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:43:33.695Z", "dateReserved": "2026-02-26T15:29:18.531Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2026-02-27T15:11:18.252Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ironmansoftware:powershell_universal:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDCF2FFB-2420-4494-9270-DAE5093BEC2B", "versionEndExcluding": "2026.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials"}, {"lang": "es", "value": "La configuraci\u00f3n de autenticaci\u00f3n de OpenID Connect (OIDC) en PowerShell Universal anterior a 2026.1.3 almacena el secreto de cliente de OIDC en texto claro en el script .universal/authentication.ps1, lo que permite a un atacante con acceso de lectura a ese archivo obtener las credenciales de cliente de OIDC."}], "id": "CVE-2026-3277", "lastModified": "2026-03-30T21:17:10.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-27T16:16:26.260", "references": [{"source": "security@devolutions.net", "tags": ["Third Party Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2026-0006"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "security@devolutions.net", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.1.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerShell Universal", "source": "cna", "vendor": "Devolutions"}, "product": "powershell_universal", "vendor": "devolutions"}], "analysis": {"en": {"generated_at": "2026-04-16T15:27:12.754146+00:00", "value": {"mitigation_remediation": ["Upgrade PowerShell Universal to version 2026.1.3 or later to eliminate the cleartext credential storage. ", "If an immediate upgrade is not possible, restrict file system permissions on the .universal/authentication.ps1 script so that only trusted service accounts and administrators can read it. ", "Rotate and regenerate the OIDC client secret to invalidate any credentials that may have been exposed while interim mitigations are in place."], "summary": {"action": "Apply update", "impact": "Unencrypted OIDC client credentials exposure"}, "threat_synthesis": {"affected_systems": "Devolutions PowerShell Universal software is affected on all releases prior to version 2026.1.3. No specific sub\u2011versions are listed beyond this cutoff.", "description_and_impact": "The vulnerability causes the OpenID Connect client secret to be stored in plain text within the authentication.ps1 script for PowerShell Universal versions before 2026.1.3. An attacker who can read that script file can retrieve the client secret, enabling credential compromise and potential unauthorized access to protected resources.", "risk_and_exploitability": "The Common Vulnerability Scoring System evaluates the severity at 5.5, indicating moderate risk. The exploit probability as measured by EPSS is below 1%, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is therefore local or privilege\u2011relay: an actor must gain read access to the authentication.ps1 file, which may be achieved through misconfigured file permissions or compromised user accounts. The impact exists only for confidentiality of credentials; there is no direct denial of service or code execution identified."}}}}, "created": "2026-03-02T12:07:10.307045+00:00", "title": "Cleartext Storage of OIDC Client Secret in PowerShell Universal", "updated": "2026-04-16T15:30:06.227466+00:00", "vendors": ["devolutions", "devolutions$PRODUCT$powershell_universal"]}