OpenID Connect Authentication Vulnerability in PowerShell Universal
CVE-2026-3277

5.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Powershell Universal
Vendor: CVE Published:; 27 February 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-3277?

The configuration of OpenID Connect (OIDC) authentication in PowerShell Universal prior to version 2026.1.3 exposes the client secret in cleartext within the .universal/authentication.ps1 script. This weakness allows any individual with read access to the file to retrieve the sensitive OIDC client credentials, posing a significant risk of unauthorized access and data compromise.

Affected Version(s)

PowerShell Universal 0 < 2026.1.3

References

https://devolutions.net/security/advisories/DEVO-2026-0006

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Feb 26, 2026

CVE-2026-3277 Data

JSON