Sensitive Data Exposure in Devolutions PowerShell Universal
CVE-2026-13437

6.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Powershell Universal
Vendor: CVE Published:; 29 June 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-13437?

The AI Agent job API in Devolutions PowerShell Universal version 2026.2.0 is vulnerable to sensitive data exposure, allowing authenticated users with AI Agent read access to retrieve sensitive authentication tokens. These tokens, serialized in plaintext within job API responses, can lead to unauthorized access if intercepted. This vulnerability highlights the importance of securing API responses and ensuring proper token management to mitigate the risks associated with sensitive information exposure.

Affected Version(s)

PowerShell Universal 2026.2.0

References

https://devolutions.net/security/advisories/DEVO-2026-0022/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 26, 2026

CVE-2026-13437 Data

JSON